Under construction
This section is under construction.
1. Multi-domain configuration example
.domtool/lib.dtl:
(* Reusable fragment that maps the ACME challenge URL path onto one webroot
   directory; vhost definitions include it by name. Keep that directory free
   of anything but challenge tokens, because it is served on every vhost that
   includes this fragment. *)
val acmeChallengeAlias = begin
(* unset_options [indexes]: presumably switches directory listings off for
   the challenge path, so pending tokens cannot be enumerated - confirm. *)
location "/.well-known/acme-challenge" with unset_options [indexes]; end;
(* The alias target is a fixed directory under the owner's AFS home. *)
alias "/.well-known/acme-challenge" "/afs/hcoop.net/user/b/bk/bkhl/www/acme/.well-known/acme-challenge";
end;
.domtool/elektrubadur.se:
(* One certificate file, referenced by every SSL vhost of this domain (apex,
   www, bkhl, test and cloud). NOTE(review): it therefore has to carry all of
   those host names - confirm against the issue command. *)
val elektrubadurCertificate = use_cert "/etc/apache2/ssl/user/elektrubadur.se.pem";
(* Permanent redirect of any request path to the same path on
   https://elektrubadur.se. *)
val elektrubadurRewrite = rewriteRule "^(.*)$" "https://elektrubadur.se$1" [redirectWith permanent];
(* For the subdomain called name, declare two vhosts - one without SSL and
   one using the shared certificate - that both do nothing except redirect
   to the apex site. *)
val elektrubadurSubdomainAlias = \name -> begin
web name with elektrubadurRewrite; end;
web name where SSL = elektrubadurCertificate; with elektrubadurRewrite; end;
end;
(* Domain definition for elektrubadur.se: the apex site, two redirect-only
   subdomains, and the "test" and "cloud" sites, all sharing one certificate. *)
dom "elektrubadur.se" where
DocumentRoot = home "www/elektrubadur.se";
CreateWWW = false;
with
addDefaultSPF;
(* Default vhost with SSL: this is the one that serves the site content. *)
vhostDefault where
SSL = elektrubadurCertificate;
with
errorDocument "404" "/404.html";
expiresByType "text/plain" access 1 days;
expiresByType "text/css" access 1 days;
expiresByType "image/jpeg" access 1 weeks;
expiresByType "image/png" access 1 weeks;
expiresByType "image/gif" access 1 weeks;
expiresByType "image/svg" access 1 weeks;
expiresByType "image/vnd.microsoft.icon" access 1 weeks;
(* Answer ACME challenge requests on this vhost. *)
acmeChallengeAlias;
end;
(* Default vhost without SSL: redirect only. NOTE(review): neither this
   vhost nor the subdomain redirect vhosts include acmeChallengeAlias, so a
   validation request that arrives over plain http is answered with a
   redirect. Issuance then relies on the CA following that redirect to an
   SSL vhost that does include the alias - confirm. *)
vhostDefault with elektrubadurRewrite; end;
elektrubadurSubdomainAlias "www";
elektrubadurSubdomainAlias "bkhl";
(* "test" site over SSL, with its own document root and the challenge alias. *)
web "test" where
DocumentRoot = home "www/test.elektrubadur.se";
SSL = elektrubadurCertificate;
with
acmeChallengeAlias;
end;
(* "test" without SSL: permanent redirect to the https site. *)
web "test" with
rewriteRule "^(.*)$" "https://test.elektrubadur.se$1" [redirectWith permanent];
end;
(* "cloud" site over SSL. NOTE(review): the rules below look like the stock
   .htaccess of an ownCloud/Nextcloud installation moved into the vhost -
   confirm. *)
web "cloud" where
DocumentRoot = home "www/cloud.elektrubadur.se";
SSL = elektrubadurCertificate;
with
(* Unsets the indexes and multiViews options for the whole site and names
   the index files. *)
location "/" with
unset_options [indexes, multiViews];
directoryIndex ["index.php", "index.html"];
end;
expiresByType "text/css" access 1 weeks;
expiresByType "application/javascript" access 1 weeks;
expiresByType "image/svg" access 1 weeks;
expiresByType "image/gif" access 1 weeks;
expiresByType "application/font-woff2" access 1 weeks;
(* Copies the value of the Authorization request header into the
   XAUTHORIZATION variable. *)
setEnvIfNoCase "^Authorization$" "(.+)" ["XAUTHORIZATION=$1"];
(* Requests for the empty path from a user agent matching DavClnt are sent
   to the WebDAV endpoint with a temporary redirect. *)
rewriteCond "%{HTTP_USER_AGENT}" "DavClnt" [];
rewriteRule "^$" "/remote.php/webdav/" [redirectWith temp, last];
(* Exposes the Authorization header to the application as
   HTTP_AUTHORIZATION. The credentials therefore sit in the request
   environment; keep environment dumps and debug pages out of reach. *)
rewriteRule ".*" "-" [env "HTTP_AUTHORIZATION" "%{HTTP:Authorization}"];
(* Well-known discovery paths mapped onto the application's entry points.
   NOTE(review): the host-meta pattern is unanchored at the end and comes
   first with the last flag, so it also matches host-meta.json before the
   dedicated rule is tried - verify. *)
rewriteRule "^\.well-known/host-meta" "/public.php?service=host-meta" [qsappend, last];
rewriteRule "^\.well-known/host-meta\.json" "/public.php?service=host-meta-json" [qsappend, last];
rewriteRule "^\.well-known/webfinger" "/public.php?service=webfinger" [qsappend, last];
rewriteRule "^\.well-known/carddav" "/remote.php/dav/" [redirectWith permanent, last];
rewriteRule "^\.well-known/caldav" "/remote.php/dav/" [redirectWith permanent, last];
rewriteRule "^remote/(.*)" "remote.php" [qsappend, last];
(* Access control: internal application directories answer with not-found. *)
rewriteRule "^(?:build|tests|config|lib|3rdparty|templates)/.*" "-" [redirectWith notfound, last];
(* Access control: dotfiles and maintenance entry points answer with
   not-found, except the two .well-known validation paths named in the
   condition.
   NOTE(review): the rule patterns in this vhost have no leading slash, as
   they would in a per-directory context. If DomTool emits them at
   virtual-host level, Apache matches against a path that starts with "/"
   and these two deny rules would never fire. Verify after deployment that
   requests for /config/ and /occ return 404. *)
rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" [];
rewriteRule "^(?:\.|autotest|occ|issue|indie|db_|console).*" "-" [redirectWith notfound, last];
acmeChallengeAlias;
end;
(* "cloud" without SSL: permanent redirect to the https site. *)
web "cloud" with
rewriteRule "^(.*)$" "https://cloud.elektrubadur.se$1" [redirectWith permanent];
end;
(* Mail for admin@ and info@ is delivered to the bkhl account. *)
emailAlias "admin" "bkhl";
emailAlias "info" "bkhl";
end;
command:
~/.acme.sh/acme.sh --issue -d elektrubadur.se -d www.elektrubadur.se -d bkhl.elektrubadur.se -d cloud.elektrubadur.se -d test.elektrubadur.se -w $HOME/www/acme/
Later on, renewing only requires running ~/.acme.sh/acme.sh --renew-all
2. Mostly-automated renewals
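Change example.com in the function below to match your domain and paths, and put the following into your ~/.bashrc. Then you only need to run letsencrypt_renew and open the printed link to submit the request. Note that the dated .pem file the function writes bundles the certificate, the private key and the CA certificate, so treat it as secret material.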
. "$HOME/.acme.sh/acme.sh.env"
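letsencrypt_renew() {
    # Renew every certificate managed by acme.sh, bundle certificate, private
    # key and CA certificate into one dated PEM file, and print the portal
    # link used to request installation of that bundle.
    #
    # Arguments: passed through unchanged to `acme.sh --renew-all`.
    # Returns:   0 when the bundle was written and the link printed,
    #            1 when the renewal or the bundling failed.
    local domain="example.com"
    local cert_dir="$HOME/certificates/$domain"
    local keyfile="$cert_dir/$(date --iso-8601)-$domain.pem"
    local tmpfile=""

    # Success is decided by the exit status of each step, not by whether the
    # bundle file exists: a bundle left over from an earlier run today, or an
    # empty file created by a failed redirection, must not be reported as a
    # fresh renewal.
    #
    # The bundle holds the private key, so it is assembled in a mktemp file
    # (created readable by the owner only) and moved into place only once it
    # is complete.
    if acme.sh --renew-all "$@" &&
        tmpfile=$(mktemp "$keyfile.XXXXXX") &&
        cat "$cert_dir/$domain".{cer,key} "$cert_dir"/ca.cer > "$tmpfile" &&
        mv -f "$tmpfile" "$keyfile"
    then
        >&2 printf 'Open this link to submit:\n'
        >&2 printf \
            'https://members.hcoop.net/portal/cert?cmd=request&cert=%s&domain=%s&subdomain=&msg=routine+renewal\n' \
            "$keyfile" "$domain"
    else
        # Do not leave a partial bundle containing key material behind.
        if test -n "$tmpfile"
        then
            rm -f "$tmpfile"
        fi
        >&2 printf 'Error renewing cert, see above for more info (hopefully)\n'
        return 1
    fi
}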