Updates SSH to note that multiple-server support was added in 2.8.7, and updates the Unifi Controller example

David Kerr 2020-05-25 15:48:45 -04:00
parent 85209ccf62
commit f96eeeb0e5
1 changed files with 12 additions and 8 deletions

@ -83,6 +83,8 @@ more secure). Defaults to "ssh -T"
**DEPLOY_SSH_SERVER** **DEPLOY_SSH_SERVER**
URL or IP Address of the remote server. If not provided then the domain URL or IP Address of the remote server. If not provided then the domain
name provided on the acme.sh --deploy command line is used. name provided on the acme.sh --deploy command line is used.
New in Acme release 2.8.7 this may be space separated list of servers to which exactly the
same deploy commands can be sent.
**DEPLOY_SSH_KEYFILE** **DEPLOY_SSH_KEYFILE**
Target path and filename _on the remote server_ for the private key issued by LetsEncrypt. Target path and filename _on the remote server_ for the private key issued by LetsEncrypt.
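Review bot: the sentence added under DEPLOY_SSH_SERVER is missing an article and calls the project "Acme" where the context line directly above uses acme.sh. Suggest: "New in acme.sh release 2.8.7, this may be a space-separated list of servers to which exactly the same deploy commands are sent." It would also help to state that the other DEPLOY_SSH_* values (user, target paths, remote command) are applied unchanged to every server in the list, since that is what "exactly the same deploy commands" implies for anyone whose hosts use different paths.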
@ -161,24 +163,26 @@ acme.sh --deploy -d example.com --deploy-hook ssh
``` ```
The next example illustrates deploying certificates to a Unifi The next example illustrates deploying certificates to a Unifi
Controller (tested with version 5.4.11). Controller (tested with version 5.12.72).
```sh ```sh
export DEPLOY_SSH_USER="root" export DEPLOY_SSH_USER="root"
export DEPLOY_SSH_SERVER="unifi.example.com" export DEPLOY_SSH_SERVER="unifi.example.com"
export DEPLOY_SSH_KEYFILE="/var/lib/unifi/unifi.example.com.key" export DEPLOY_SSH_KEYFILE="/var/lib/unifi/unifi.example.com.key"
export DEPLOY_SSH_FULLCHAIN="/var/lib/unifi/unifi.example.com.cer" export DEPLOY_SSH_FULLCHAIN="/var/lib/unifi/unifi.example.com.cer"
export DEPLOY_SSH_REMOTE_CMD="openssl pkcs12 -export \ export DEPLOY_SSH_REMOTE_CMD="DIR=/var/lib/unifi && FQDN=unifi.example.com \
-inkey /var/lib/unifi/unifi.example.com.key \ && openssl pkcs12 -export \
-in /var/lib/unifi/unifi.example.com.cer \ -inkey $DIR/$FQDN.key -in $DIR/$FQDN.cer -out $DIR/$FQDN.p12 \
-out /var/lib/unifi/unifi.example.com.p12 \ -name ubnt -password pass:aircontrolenterprise \
-name ubnt -password pass:temppass \ && keytool -delete -alias unifi -keystore $DIR/keystore \
-deststorepass aircontrolenterprise \
&& keytool -importkeystore -deststorepass aircontrolenterprise \ && keytool -importkeystore -deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \ -destkeypass aircontrolenterprise \
-destkeystore /var/lib/unifi/keystore \ -destkeystore $DIR/keystore -srckeystore /$DIR/$FQDN.p12 \
-srckeystore /var/lib/unifi/unifi.example.com.p12 \
-srcstoretype PKCS12 -srcstorepass temppass -alias ubnt -noprompt \ -srcstoretype PKCS12 -srcstorepass temppass -alias ubnt -noprompt \
&& chown -R unifi:unifi $DIR/keystore
&& service unifi restart" && service unifi restart"
export DEPLOY_SSH_MULTI_CALL="yes"
acme.sh --deploy -d unifi.example.com --deploy-hook ssh acme.sh --deploy -d unifi.example.com --deploy-hook ssh
``` ```
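Review bot: in the new DEPLOY_SSH_REMOTE_CMD, `$DIR` and `$FQDN` sit inside a double-quoted `export`, so the local shell expands them (to empty strings unless they happen to be set locally) before `DIR=/var/lib/unifi && FQDN=unifi.example.com` ever runs on the remote side. Escape them as `\$DIR` and `\$FQDN`, or single-quote the string. Two further problems in the same command: the PKCS12 export now uses `-password pass:aircontrolenterprise` while the import still passes `-srcstorepass temppass`, so the import will not be able to open the file; and the `&& chown -R unifi:unifi $DIR/keystore` line has no trailing backslash, which leaves `&& service unifi restart` at the start of a new line in the remote command. Also worth checking: `keytool -delete -alias unifi` removes a different alias than the `ubnt` one that is exported and imported, and because the steps are chained with `&&` a failed delete stops everything after it; `-srckeystore /$DIR/$FQDN.p12` carries a stray leading slash.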