Sortix cross-volatile manual
This manual documents Sortix cross-volatile. You can instead view this document in the latest official manual.
NAME
acme-client — ACME clientSYNOPSIS
acme-client | [-Fnrv] [-f configfile] handle |
DESCRIPTION
acme-client is an Automatic Certificate Management Environment (ACME) client: it looks in its configuration for a domain section corresponding to the handle given as command line argument and uses that configuration to retrieve an X.509 certificate which can be used to provide domain name validation (i.e. prove that the domain is who it says it is). The certificates are typically used to provide HTTPS for web servers, but can be used in any situation where domain name validation is required (such as mail servers).location /.well-known/acme-challenge/ { root acme; }
- -F
- Force certificate renewal, even if it has more than 30 days validity.
- -f configfile
- Specify an alternative configuration file.
- -n
- No operation: check and print configuration.
- -r
- Revoke the X.509 certificate.
- -v
- Verbose operation. Specify twice to also trace communication and data transfers.
- handle
- The handle of the domain section of the configuration that contains the details of the certificate to be created, renewed or revoked.
FILES
- /etc/acme
- Private keys for acme-client.
- /etc/acme-client.conf
- Default configuration.
- /var/www/acme
- Default challengedir.
EXIT STATUS
acme-client returns 0 if certificates were changed (revoked or updated), 1 on failure, or 2 if the certificates didn't change (up to date).EXAMPLES
Example configuration files for acme-client and nginx(8) are provided in /etc/examples/acme-client.conf, /etc/default/nginx/sites-available/acme, and /etc/default/nginx/sites-available/https.mkdir -p /etc/nginx mkdir -p /etc/nginx/sites-available mkdir -p /etc/nginx/sites-enabled cp /etc/default/nginx/sites-available/acme /etc/nginx/sites-available/acme ln -s ../sites-available/acme /etc/nginx/sites-enabled/acme service nginx enable # or reload if already enabled cp /etc/examples/acme-client.conf /etc/acme-client.conf # edit /etc/acme-client.conf mkdir -p /var/www/acme mkdir -p /etc/letsencrypt/live/example.com acme-client -v example.com cp /etc/default/nginx/sites-available/https /etc/nginx/sites-available/example.com ln -s ../sites-available/example.com /etc/nginx/sites-enabled/example.com # edit /etc/nginx/sites-available/example.com service nginx reload
require network optional require nginx optional exec sh -c 'while true; do acme-client -v example.com && service nginx reload; eval "echo >&$READYFD"; sleep 24h; done'
service local-cert-example.com enable