MemberManual/ServingWebsites/LetsEncrypt

.domtool/lib.dtl

val acmeChallengeAlias = begin
    location "/.well-known/acme-challenge" with unset_options [indexes]; end;
    alias "/.well-known/acme-challenge" "/afs/hcoop.net/user/b/bk/bkhl/www/acme/.well-known/acme-challenge";
end;

.domtool/elektrubadur.se:

val elektrubadurCertificate = use_cert "/etc/apache2/ssl/user/elektrubadur.se.pem";

val elektrubadurRewrite = rewriteRule "^(.*)$" "https://elektrubadur.se$1" [redirectWith permanent];

val elektrubadurSubdomainAlias = \name -> begin
    web name with elektrubadurRewrite; end;
    web name where SSL = elektrubadurCertificate; with elektrubadurRewrite; end;
end;

dom "elektrubadur.se" where
    DocumentRoot = home "www/elektrubadur.se";
    CreateWWW = false;
with
    addDefaultSPF;

    vhostDefault where
        SSL = elektrubadurCertificate;
    with
        errorDocument "404" "/404.html";

        expiresByType "text/plain" access 1 days;
        expiresByType "text/css" access 1 days;

        expiresByType "image/jpeg" access 1 weeks;
        expiresByType "image/png" access 1 weeks;
        expiresByType "image/gif" access 1 weeks;
        expiresByType "image/svg" access 1 weeks;
        expiresByType "image/vnd.microsoft.icon" access 1 weeks;

        acmeChallengeAlias;
    end;

    vhostDefault with elektrubadurRewrite; end;

    elektrubadurSubdomainAlias "www";
    elektrubadurSubdomainAlias "bkhl";

    web "test" where
        DocumentRoot = home "www/test.elektrubadur.se";
        SSL = elektrubadurCertificate;
    with
        acmeChallengeAlias;
    end;

    web "test" with
        rewriteRule "^(.*)$" "https://test.elektrubadur.se$1" [redirectWith permanent];
    end;

    web "cloud" where
        DocumentRoot = home "www/cloud.elektrubadur.se";
        SSL = elektrubadurCertificate;
    with
        location "/" with
            unset_options [indexes, multiViews];
            directoryIndex ["index.php", "index.html"];
        end;

        expiresByType "text/css" access 1 weeks;
        expiresByType "application/javascript" access 1 weeks;
        expiresByType "image/svg" access 1 weeks;
        expiresByType "image/gif" access 1 weeks;
        expiresByType "application/font-woff2" access 1 weeks;

        setEnvIfNoCase "^Authorization$" "(.+)" ["XAUTHORIZATION=$1"];

        rewriteCond "%{HTTP_USER_AGENT}" "DavClnt" [];
        rewriteRule "^$" "/remote.php/webdav/" [redirectWith temp, last];

        rewriteRule ".*" "-" [env "HTTP_AUTHORIZATION" "%{HTTP:Authorization}"];
        rewriteRule "^\.well-known/host-meta" "/public.php?service=host-meta" [qsappend, last];
        rewriteRule "^\.well-known/host-meta\.json" "/public.php?service=host-meta-json" [qsappend, last];
        rewriteRule "^\.well-known/webfinger" "/public.php?service=webfinger" [qsappend, last];
        rewriteRule "^\.well-known/carddav" "/remote.php/dav/" [redirectWith permanent, last];
        rewriteRule "^\.well-known/caldav" "/remote.php/dav/" [redirectWith permanent, last];
        rewriteRule "^remote/(.*)" "remote.php" [qsappend, last];
        rewriteRule "^(?:build|tests|config|lib|3rdparty|templates)/.*" "-" [redirectWith notfound, last];
        rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" [];
        rewriteRule "^(?:\.|autotest|occ|issue|indie|db_|console).*" "-" [redirectWith notfound, last];

        acmeChallengeAlias;
    end;

    web "cloud" with
        rewriteRule "^(.*)$" "https://cloud.elektrubadur.se$1" [redirectWith permanent];
    end;

    emailAlias "admin" "bkhl";
    emailAlias "info" "bkhl";
end;

command:

~/.acme.sh/acme.sh --issue -d elektrubadur.se -d www.elektrubadur.se -d bkhl.elektrubadur.se -d cloud.elektrubadur.se -d test.elektrubadur.se -w $HOME/www/acme/

And later on just ~/.acme.sh/acme.sh --renew-all

Quick Links

Search Wiki

Page Tools

MemberManual / ServingWebsites / LetsEncrypt