「Acme.sh」の版間の差分
ナビゲーションに移動
検索に移動
Kusanaginoturugi (トーク | 投稿記録) (add English page link.) |
Kusanaginoturugi (トーク | 投稿記録) (add link.) |
||
| 4行目: | 4行目: | ||
[[Category:コマンド]] |
[[Category:コマンド]] |
||
[[en:Acme.sh]] |
[[en:Acme.sh]] |
||
| − | [https://github.com/acmesh-official/acme.sh acme.sh] |
+ | [https://github.com/acmesh-official/acme.sh acme.sh] [[シェル]]スクリプトだけで書かれた ACME クライアントです。ACME プロトコルを完全に実装しており、例えば IPv6 やワイルドカード証明書などをサポートしています。 |
| − | == |
+ | == インストール == |
| − | [[インストール]] |
+ | {{Pkg|acme.sh}} パッケージを[[インストール]]し。スタンドアロンモードを使用する場合は、{{Pkg|socat}} をインストールします。 |
| − | == |
+ | == 使用方法 == |
The package does not provide man pages, but a [https://github.com/acmesh-official/acme.sh/wiki/ wiki] for usage. Executing {{ic|acme.sh --help}} outputs a long list of commands and parameters. |
The package does not provide man pages, but a [https://github.com/acmesh-official/acme.sh/wiki/ wiki] for usage. Executing {{ic|acme.sh --help}} outputs a long list of commands and parameters. |
||
| 62行目: | 62行目: | ||
The certs will be renewed every 60 days. To run {{ic|acme.sh}} regularly, a [https://github.com/acmesh-official/acme.sh/wiki/Using-systemd-units-instead-of-cron systemd timer] may be set up. |
The certs will be renewed every 60 days. To run {{ic|acme.sh}} regularly, a [https://github.com/acmesh-official/acme.sh/wiki/Using-systemd-units-instead-of-cron systemd timer] may be set up. |
||
| − | == |
+ | == 参照 == |
* [https://github.com/acmesh-official/acme.sh Project homepage] and [https://github.com/acmesh-official/acme.sh/wiki/ wiki] for its documentation. |
* [https://github.com/acmesh-official/acme.sh Project homepage] and [https://github.com/acmesh-official/acme.sh/wiki/ wiki] for its documentation. |
||
2022年7月5日 (火) 13:55時点における版
acme.sh シェルスクリプトだけで書かれた ACME クライアントです。ACME プロトコルを完全に実装しており、例えば IPv6 やワイルドカード証明書などをサポートしています。
目次
インストール
acme.sh パッケージをインストールし。スタンドアロンモードを使用する場合は、socat をインストールします。
使用方法
The package does not provide man pages, but a wiki for usage. Executing acme.sh --help outputs a long list of commands and parameters.
There are three basic steps involved:
- Requesting a certificate to be issued.
- Installing the issued certificate, to make it useful.
- Maintaining the certificate over time.
as covered with below examples.
Issuing a new cert
You can specify any domain with the -d option.
The acme.sh script support different modes. Examples for modes and options to be specified are:
- Webroot mode:
$ acme.sh --issue -d example.com -d www.example.com -d cp.example.com -d '*.example.com' -w /home/wwwroot/example.com
- Standalone mode, by adding
--standaloneif no web server is running (requires socat installed):
$ acme.sh --issue --standalone -d example.com -d www.example.com -d cp.example.com
- Nginx mode:
$ acme.sh --issue --nginx -d example.com -d www.example.com -d cp.example.com
- DNS mode (see official wiki for further information):
$ acme.sh --issue -d example.com -d '*.example.com' --dns dns_he
The project's wiki lists more examples.
Install the cert to Apache/Nginx etc
Nginx:
$ acme.sh --install-cert -d example.com --key-file '/path/to/keyfile/in/nginx/example.key' --fullchain-file '/path/to/fullchain/nginx/example.cer' --reloadcmd "systemctl force-reload nginx"
Apache:
$ acme.sh --install-cert -d example.com --cert-file '/path/to/certfile/in/apache/example.cer' --key-file '/path/to/keyfile/in/apache/example.key' --fullchain-file '/path/to/fullchain/certfile/apache/example.fullchain.cer' --reloadcmd "systemctl force-reload nginx apache2"
Maintaining a cert
The certs will be renewed every 60 days. To run acme.sh regularly, a systemd timer may be set up.
参照
- Project homepage and wiki for its documentation.
- acme-tiny offers several related utilities, as well as additional general ACME documentation.
- lacme is a small ACME client written with process isolation and minimal privileges in mind.