25 lines
752 B
Markdown
25 lines
752 B
Markdown
# Getting LE certs via auto DNS config
|
|
|
|
This is helpful when getting certs for domains which are scattered across
|
|
machines/IPs. The [acme.sh](https://github.com/Neilpang/acme.sh) script will
|
|
automatically configure DNS TXT records for LE to verify, instead of relying on
|
|
Web requests to the machine.
|
|
|
|
We need to automate this in a cookbook.
|
|
|
|
## Steps
|
|
|
|
Export Gandi Live DNS API key:
|
|
|
|
export GANDI_LIVEDNS_KEY="fdmlfsdklmfdkmqsdfk"
|
|
|
|
Run acme.sh like this:
|
|
|
|
acme.sh --issue --dns dns_gandi_livedns -d kosmos.org -d xmpp.kosmos.org -d chat.kosmos.org
|
|
|
|
## ejabberd
|
|
|
|
ejabberd needs the key and fullchain files concatenated:
|
|
|
|
cat /home/basti/.acme.sh/kosmos.org/kosmos.org.key /home/basti/.acme.sh/kosmos.org/fullchain.cer >> conf/kosmos.org.pem
|