Skip to content

SamGamdschie/bastille-letsencrypt

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
Bastillefile
Bastillefile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

bastille-letsencrypt

This Bastille Template installs ACME.SH in a separate jail. The configuration is copied from /usr/local/etc/git_config/acme.sh/account.conf. The certificates will be written to host system using mount:

MOUNT /werzel/certificates var/db/acme/certs nullfs rw 0 0

INWX parameters

INWX offers an xmlrpc api with your standard login credentials, set them like so in /usr/local/etc/letsencrypt/inwx.cfg:

dns_inwx_username="yourusername"
dns_inwx_password="password"

Then you can issue your certificates with:

certbot certonly -a dns-inwx -d homeassistant.werzel.de -d mosquitto.werzel.de --dry-run

Remove --dry-runto actually issue certificates. If your account is secured by mobile tan you have also defined the shared secret.

dns_inwx_shared_secret="shared secret"

You may need to re-enable the mobile tan to gain the shared secret.

Certbot - Replacement for ACME.SH

In order to automatically renew the certificates, add this line to /etc/periodic.conf:

weekly_certbot_enable="YES"


certbot certonly --standalone -d

certbot certonly -a dns-inwx -d sub.domain.tld -d *.wildcard.tld

About

Bastille Template to run certbot in a jail

Topics

letsencrypt certbot bastille-templates

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published