Difference between revisions of "Acme.sh"
Kusanaginoturugi (talk | contribs) add English page link. |
Kusanaginoturugi (talk | contribs) add link. |
||
| 4行目: | 4行目: | ||
[[Category:コマンド]] |
[[Category:コマンド]] |
||
[[en:Acme.sh]] |
[[en:Acme.sh]] |
||
[https://github.com/acmesh-official/acme.sh acme.sh] |
[https://github.com/acmesh-official/acme.sh acme.sh] [[シェル]]スクリプトだけで書かれた ACME クライアントです。ACME プロトコルを完全に実装しており、例えば IPv6 やワイルドカード証明書などをサポートしています。 |
||
== |
== インストール == |
||
[[インストール]] |
{{Pkg|acme.sh}} パッケージを[[インストール]]し。スタンドアロンモードを使用する場合は、{{Pkg|socat}} をインストールします。 |
||
== |
== 使用方法 == |
||
The package does not provide man pages, but a [https://github.com/acmesh-official/acme.sh/wiki/ wiki] for usage. Executing {{ic|acme.sh --help}} outputs a long list of commands and parameters. |
The package does not provide man pages, but a [https://github.com/acmesh-official/acme.sh/wiki/ wiki] for usage. Executing {{ic|acme.sh --help}} outputs a long list of commands and parameters. |
||
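Review bot: the added install sentence ends a clause with 「インストールし。」, which stops on a continuative form; write 「インストールします。」 so it is a complete sentence before the socat clause. The added intro line also runs the external acme.sh link straight into [[シェル]]スクリプト with no topic particle (は), and the body under the newly translated 使用方法 heading is still English on both sides, so the section is only half translated.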
| 62行目: | 62行目: | ||
The certs will be renewed every 60 days. To run {{ic|acme.sh}} regularly, a [https://github.com/acmesh-official/acme.sh/wiki/Using-systemd-units-instead-of-cron systemd timer] may be set up. |
The certs will be renewed every 60 days. To run {{ic|acme.sh}} regularly, a [https://github.com/acmesh-official/acme.sh/wiki/Using-systemd-units-instead-of-cron systemd timer] may be set up. |
||
== |
== 参照 == |
||
* [https://github.com/acmesh-official/acme.sh Project homepage] and [https://github.com/acmesh-official/acme.sh/wiki/ wiki] for its documentation. |
* [https://github.com/acmesh-official/acme.sh Project homepage] and [https://github.com/acmesh-official/acme.sh/wiki/ wiki] for its documentation. |
||
Revision as of 13:55, 5 July 2022 (Tuesday)
acme.sh is an ACME client written purely in shell script. It fully implements the ACME protocol and supports, for example, IPv6 and wildcard certificates.
Installation
Install the acme.sh package. If you use standalone mode, install socat.
Usage
The package does not provide man pages; usage is documented in the project wiki. Executing acme.sh --help outputs a long list of commands and parameters.
There are three basic steps involved, each covered by the examples below:
- Requesting a certificate to be issued.
- Installing the issued certificate, to make it useful.
- Maintaining the certificate over time.
Issuing a new cert
You can specify any domain with the -d option.
Tip: You might want to specify Let's Encrypt as your default CA, as acme.sh uses ZeroSSL as its default CA effective from August 1st, 2021.
The acme.sh script supports different modes. Examples of modes and the options to specify are:
- Webroot mode:
$ acme.sh --issue -d example.com -d www.example.com -d cp.example.com -d '*.example.com' -w /home/wwwroot/example.com
- Standalone mode, by adding --standalone if no web server is running (requires socat installed):
$ acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
- Nginx mode:
$ acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com
- DNS mode (see official wiki for further information):
$ acme.sh --issue -d example.com -d '*.example.com' --dns dns_he
The project's wiki lists more examples.
Install the cert to Apache/Nginx etc
Nginx:
$ acme.sh --install-cert -d example.com --key-file '/path/to/keyfile/in/nginx/example.key' --fullchain-file '/path/to/fullchain/nginx/example.cer' --reloadcmd "systemctl force-reload nginx"
Apache:
$ acme.sh --install-cert -d example.com --cert-file '/path/to/certfile/in/apache/example.cer' --key-file '/path/to/keyfile/in/apache/example.key' --fullchain-file '/path/to/fullchain/certfile/apache/example.fullchain.cer' --reloadcmd "systemctl force-reload nginx apache2"
Maintaining a cert
The certs will be renewed every 60 days. To run acme.sh regularly, a systemd timer may be set up.
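An added example (not part of the original page or the acme.sh project): a POSIX shell audit for files written by --install-cert, flagging a stalled renewal, a key that does not match the certificate, and a world-readable key. It assumes 90-day certificates, so a certificate renewed at day 60 should always have about 30 days left; the 20-day default and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example, not acme.sh code: audit files written by `acme.sh --install-cert`.
# Assumption: 90-day certificates renewed at day 60, so a healthy installed
# certificate always has about 30 days left; MIN_DAYS defaults to 20 for slack.

# Succeeds if the first certificate in FILE ($1) is still valid DAYS ($2) from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if private key KEY ($2) belongs to the leaf certificate in FILE ($1).
# Compares the PEM public keys; a read or parse error counts as a mismatch.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds if KEY ($1) is a regular file that is not world-readable.
key_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" -prune -perm -004 -print)" ]
}

# usage: audit_installed_cert FULLCHAIN KEY [MIN_DAYS]
# Prints one line per finding and returns the number of findings (0 = healthy).
audit_installed_cert() {
    min=${3:-20}
    n=0
    if ! cert_valid_for_days "$1" "$min"; then
        echo "EXPIRY: $1 is unreadable or expires within $min days; check the renewal timer"
        n=$((n + 1))
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "MISMATCH: $2 is not the key for $1; a reload would serve a broken pair"
        n=$((n + 1))
    fi
    if ! key_is_private "$2"; then
        echo "PERMS: $2 is missing or world-readable"
        n=$((n + 1))
    fi
    return "$n"
}
```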
See also
- Project homepage and wiki for its documentation.
- acme-tiny offers several related utilities, as well as additional general ACME documentation.
- lacme is a small ACME client written with process isolation and minimal privileges in mind.