Revisions
blackjack4494 revised this gist
Jul 31, 2021 . 1 changed file with 8 additions and 6 deletions.
@@ -22,12 +22,12 @@ If you want to change the default to let's say Let's Encrypt `acme.sh --set-default-ca --server letsencrypt` execute this `acme.sh --issue --dns dns_cf -d unifi.controller.tld` change to your actual sub/domain and let acme issue you a cert for it. now execute this command to deploy the issued certificate `acme.sh --deploy -d unifi.controller.tld --deploy-hook unifi` change your sub/domain once again. More about deploy-hooks (especially unifi) check here https://github.com/acmesh-official/acme.sh/wiki/deployhooks#23-deploy-the-cert-on-a-unifi-controller-or-cloud-key @@ -45,7 +45,7 @@ Acme even created a cronjob for you which you can check here `47 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null` If it's missing for some reason just run `acme.sh --install-cronjob` Not sure if the cronjob also automatically uses the unifi deploy hook again. Will update this then. @@ -60,9 +60,11 @@ export CF_Token="api-token" acme.sh --set-default-ca --server letsencrypt acme.sh --issue --dns dns_cf -d unifi.controller.tld acme.sh --deploy -d unifi.controller.tld --deploy-hook unifi crontab -l ``` leave out the `set-default-ca` line if you are okay with ZeroSSL Also note that you may have to reconnect to ssh/restart terminal to be able to use `acme.sh` as command right away.
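Review bot: In the @@ -45,7 +45,7 @@ hunk the sentence "Not sure if the cronjob also automatically uses the unifi deploy hook again. Will update this then." is carried forward unresolved while the commands around it are being corrected. The cron entry is what keeps the controller's certificate current, so either confirm the behaviour after a renewal and state the result, or tell readers to check which certificate the controller serves after the first renewal.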
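Review bot: In the @@ -60,9 +60,11 @@ hunk the new caveat about reconnecting to ssh is placed after the command block, and the block sets `export CF_Token="api-token"` before the bare `acme.sh` calls. A reader who reconnects to get `acme.sh` as a command starts a new session in which the exported values are gone, so the issue step would run without them. Move the caveat above the block and say to reconnect right after the install step, before the `export` lines.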
blackjack4494 revised this gist
Jul 31, 2021 . 1 changed file with 17 additions and 0 deletions.
@@ -49,3 +49,20 @@ If it's missing for some reason just run Not sure if the cronjob also automatically uses the unifi deploy hook again. Will update this then. All commands together ``` curl https://get.acme.sh | sh -s [email protected] export CF_Zone_ID="zone-id" export CF_Token="api-token" acme.sh --set-default-ca --server letsencrypt ./acme.sh --issue --dns dns_cf -d unifi.controller.tld ./acme.sh --deploy -d unifi.controller.tld --deploy-hook unifi crontab -l ``` leave out the `set-default-ca` line if you are okay with ZeroSSL
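Review bot: The added "All commands together" block mixes two invocations: `acme.sh --set-default-ca --server letsencrypt` relies on the command being on the PATH, while the next two lines use `./acme.sh`, which only resolves from the directory that holds the script. Pasted as one block, one of the two forms fails depending on the working directory, so pick one form for all three lines. The first line of the block also pipes `curl https://get.acme.sh` straight into `sh`; consider telling readers to download the script and read it before running it.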
blackjack4494 created this gist
Jul 31, 2021
@@ -0,0 +1,51 @@ My domain is registered on cloudflare. So go to https://dash.cloudflare.com/profile/api-tokens to either use global key or better create a new api key for a specific zone with zone dns edit permissions. Copy that token you just created. Go back to dashboard, click on the domain you want to use bottom right corner copy the zone id. Acme Client I have used https://github.com/acmesh-official/acme.sh `curl https://get.acme.sh | sh -s [email protected]` change to your email address. `export CF_Zone_ID="zone-id"` `export CF_Token="api-token"` replace with values you copied earlier. Do note Acme.sh changed their default CA ZeroSSL is default now. https://github.com/acmesh-official/acme.sh/wiki/Change-default-CA-to-ZeroSSL If you want to change the default to let's say Let's Encrypt `acme.sh --set-default-ca --server letsencrypt` execute this `./acme.sh --issue --dns dns_cf -d unifi.controller.tld` change to your actual sub/domain and let acme issue you a cert for it. now execute this command to deploy the issued certificate `./acme.sh --deploy -d unifi.controller.tld --deploy-hook unifi` change your sub/domain once again. More about deploy-hooks (especially unifi) check here https://github.com/acmesh-official/acme.sh/wiki/deployhooks#23-deploy-the-cert-on-a-unifi-controller-or-cloud-key https://github.com/acmesh-official/acme.sh/blob/master/deploy/unifi.sh As of now supports ``` - self-hosted Unifi Controller - Unifi Cloud Key (Gen1/2/2+) - Unifi Cloud Key running UnifiOS (v2.0.0+, Gen2/2+ only) ``` All good for my selfhosted controller on a raspberry pi 2 with raspbian (debian 9/stretch) Acme even created a cronjob for you which you can check here `crontab -l` `47 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null` If it's missing for some reason just run `./acme.sh --install-cronjob` Not sure if the cronjob also automatically uses the unifi deploy hook again. Will update this then.
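Review bot: The opening paragraph offers "either use global key or better create a new api key for a specific zone", but every later step only sets `CF_Token` and `CF_Zone_ID`, which is the scoped-token path. Drop the global key option from the text: none of the commands that follow use it, and the token limited to one zone with zone dns edit permissions is the only credential this walkthrough actually exercises. It would also help to say that the `api-token` and `zone-id` values are placeholders at the point where the `export` lines first appear, not only in the sentence after them.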