Under construction
This section is under construction.
1. Multi-domain configuration example
.domtool/lib.dtl
val acmeChallengeAlias = begin location "/.well-known/acme-challenge" with unset_options [indexes]; end; alias "/.well-known/acme-challenge" "/afs/hcoop.net/user/b/bk/bkhl/www/acme/.well-known/acme-challenge"; end;
.domtool/elektrubadur.se:
val elektrubadurCertificate = use_cert "/etc/apache2/ssl/user/elektrubadur.se.pem"; val elektrubadurRewrite = rewriteRule "^(.*)$" "https://elektrubadur.se$1" [redirectWith permanent]; val elektrubadurSubdomainAlias = \name -> begin web name with elektrubadurRewrite; end; web name where SSL = elektrubadurCertificate; with elektrubadurRewrite; end; end; dom "elektrubadur.se" where DocumentRoot = home "www/elektrubadur.se"; CreateWWW = false; with addDefaultSPF; vhostDefault where SSL = elektrubadurCertificate; with errorDocument "404" "/404.html"; expiresByType "text/plain" access 1 days; expiresByType "text/css" access 1 days; expiresByType "image/jpeg" access 1 weeks; expiresByType "image/png" access 1 weeks; expiresByType "image/gif" access 1 weeks; expiresByType "image/svg" access 1 weeks; expiresByType "image/vnd.microsoft.icon" access 1 weeks; acmeChallengeAlias; end; vhostDefault with elektrubadurRewrite; end; elektrubadurSubdomainAlias "www"; elektrubadurSubdomainAlias "bkhl"; web "test" where DocumentRoot = home "www/test.elektrubadur.se"; SSL = elektrubadurCertificate; with acmeChallengeAlias; end; web "test" with rewriteRule "^(.*)$" "https://test.elektrubadur.se$1" [redirectWith permanent]; end; web "cloud" where DocumentRoot = home "www/cloud.elektrubadur.se"; SSL = elektrubadurCertificate; with location "/" with unset_options [indexes, multiViews]; directoryIndex ["index.php", "index.html"]; end; expiresByType "text/css" access 1 weeks; expiresByType "application/javascript" access 1 weeks; expiresByType "image/svg" access 1 weeks; expiresByType "image/gif" access 1 weeks; expiresByType "application/font-woff2" access 1 weeks; setEnvIfNoCase "^Authorization$" "(.+)" ["XAUTHORIZATION=$1"]; rewriteCond "%{HTTP_USER_AGENT}" "DavClnt" []; rewriteRule "^$" "/remote.php/webdav/" [redirectWith temp, last]; rewriteRule ".*" "-" [env "HTTP_AUTHORIZATION" "%{HTTP:Authorization}"]; rewriteRule "^\.well-known/host-meta" "/public.php?service=host-meta" [qsappend, last]; rewriteRule "^\.well-known/host-meta\.json" "/public.php?service=host-meta-json" [qsappend, last]; rewriteRule "^\.well-known/webfinger" "/public.php?service=webfinger" [qsappend, last]; rewriteRule "^\.well-known/carddav" "/remote.php/dav/" [redirectWith permanent, last]; rewriteRule "^\.well-known/caldav" "/remote.php/dav/" [redirectWith permanent, last]; rewriteRule "^remote/(.*)" "remote.php" [qsappend, last]; rewriteRule "^(?:build|tests|config|lib|3rdparty|templates)/.*" "-" [redirectWith notfound, last]; rewriteCond "%{REQUEST_URI}" "!^/\.well-known/(acme-challenge|pki-validation)/.*" []; rewriteRule "^(?:\.|autotest|occ|issue|indie|db_|console).*" "-" [redirectWith notfound, last]; acmeChallengeAlias; end; web "cloud" with rewriteRule "^(.*)$" "https://cloud.elektrubadur.se$1" [redirectWith permanent]; end; emailAlias "admin" "bkhl"; emailAlias "info" "bkhl"; end;
command:
~/.acme.sh/acme.sh --issue -d elektrubadur.se -d www.elektrubadur.se -d bkhl.elektrubadur.se -d cloud.elektrubadur.se -d test.elektrubadur.se -w $HOME/www/acme/
And later on just ~/.acme.sh/acme.sh --renew-all
2. Mostly-automated renewals
You can edit example.com in the command below to be your domain paths and put the following into your ~/.bashrc. Then you just need to run letsencrypt_renew and open the link to submit the request.
. "$HOME/.acme.sh/acme.sh.env" letsencrypt_renew() { local domain="example.com" local cert_dir="$HOME/certificates/$domain" local keyfile="$cert_dir/$(date --iso-8601)-$domain.pem" acme.sh --renew-all "$@" && cat "$cert_dir/$domain".{cer,key} "$cert_dir"/ca.cer > "$keyfile" if test -f "$keyfile" then >&2 printf 'Open this link to submit:\n' >&2 printf \ 'https://members.hcoop.net/portal/cert?cmd=request&cert=%s&domain=%s&subdomain=&msg=routine+renewal\n' \ "$keyfile" "$domain" else >&2 printf 'Error renewing cert, see above for more info (hopefully)\n' fi }