Acmetool.sh for Centmin Mod Nginx HTTP/2


#1

Thought I’d share my letsencrypt integration addon called acmetool.sh with my Centmin Mod LEMP stack which runs Nginx HTTP/2. The acmetool.sh addon is a wrapper which utilises @Neilpang's wonderful acme.sh client.

I had to move away from the official Certbot client due to the heaviness of the Python system requirements, as Centmin Mod LEMP stack installs may work on VPS servers with 128-512MB memory. So scrapped my initial Certbot integration in favour of using a pure shell based acme.sh client. So acmetool.sh was born :slight_smile:

What is addons/acmetool.sh ?

Basically, addons/acmetool.sh is a standalone Centmin Mod Addon added to Centmin Mod 123.09beta01 branch which extends the feature set of Centmin Mod to allow users to automatically create Nginx based vhost site domain accounts and automatically obtain and configure the site to use free domain validated Letsencrypt SSL certificates and serve your site(s) via Nginx HTTP/2 protocol based HTTPS. It is one of the last remaining pieces needed before pushing Centmin Mod 123.09beta01 branch to stable release.

During the beta testing phase, you now have to specifically enable addons/acmetool.sh integration detection by setting the variable LETSENCRYPT_DETECT='y' in the persistent config file /etc/centminmod/custom_config.inc (details here)

acmetool.sh works standalone in both ssh command line and ssh shell based menu mode, and also integrates into Centmin Mod LEMP stack's existing Nginx vhost site generation routines. Detailed usage examples are posted at https://centminmod.com/acmetool

Quick examples

acmetool.sh shell based menu mode

./acmetool.sh acme-menu

--------------------------------------------------------
        SSL Management
--------------------------------------------------------
1).  acemtool.sh install
2).  acmetool.sh update
3).  acmetool.sh setup
4).  Issue SSL Management
5).  Renew SSL Management
6).  Reissue SSL Management
7).  Renew All Staging /Test Certs
8).  Renew ALL Live Certs
9).  Renew All Live Certs HTTPS Default
10). Exit
--------------------------------------------------------
Enter option [ 1 - 10 ] 
--------------------------------------------------------

Command line mode

To issue a staging test Letsencrypt SSL certificate + auto generate the Nginx HTTP/2 HTTPS vhost and auto configure the Letsencrypt SSL certificate

./acmetool.sh issue acme.domain.com

To issue a live real Letsencrypt SSL certificate + auto generate the Nginx HTTP/2 HTTPS vhost and auto configure the Letsencrypt SSL certificate

./acmetool.sh issue acme.domain.com live

Many more examples listed at https://centminmod.com/acmetool :slight_smile:


#2

The acmetool.sh checkdates option also allows you to list all SSL certificate expiry dates and links to certificate transparency records at crt.sh

./acmetool.sh checkdates

----------------------------------------------
nginx installed
----------------------------------------------

/usr/local/nginx/conf/ssl/mysqlmymon.com/mysqlmymon.com-acme.cer
SHA1 Fingerprint=5E5C4C3FF94971A14652E0165FB6B12C0A31A547
certificate expires in 89 days on 1 Dec 2016

----------------------------------------------
acme.sh obtained
----------------------------------------------

/root/.acme.sh/mysqlmymon.com/mysqlmymon.com.cer
SHA1 Fingerprint=5E5C4C3FF94971A14652E0165FB6B12C0A31A547
https://crt.sh/?sha1=5E5C4C3FF94971A14652E0165FB6B12C0A31A547
certificate expires in 89 days on 1 Dec 2016

optional pushover.net notification support for mobile and tablet devices
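
An added example, not part of the posts above and not part of acmetool.sh: a POSIX shell filter that reads text in the layout of the checkdates output in post #2 and flags certificates close to expiry, or whose Nginx-installed fingerprint differs from the one acme.sh obtained (a renewal that was never deployed). The function names, the 30-day default and the sample data are assumptions; the layout is inferred from the single sample shown above.

```shell
# Hypothetical helper. Usage: ./acmetool.sh checkdates | audit_checkdates 30
audit_checkdates() {
  awk -v min="${1:-30}" '
    /^nginx installed/   { sec = "nginx"; next }
    /^acme\.sh obtained/ { sec = "acme";  next }
    /^\/.*\.cer$/ {                      # cert path: parent directory is the domain
      n = split($0, p, "/"); dom = p[n-1]
      if (sec == "nginx" && !(dom in seen)) { seen[dom] = 1; order[++cnt] = dom }
      next
    }
    /^SHA1 Fingerprint=/       { fp[sec, dom] = substr($0, 18); next }
    /^certificate expires in / { days[sec, dom] = $4 + 0 }
    END {
      for (i = 1; i <= cnt; i++) {
        d = order[i]; status = "OK"
        if ((("acme", d) in fp) && fp["acme", d] != fp["nginx", d]) status = "MISMATCH"
        else if (days["nginx", d] < min + 0) status = "EXPIRING"
        printf "%s %s %d\n", status, d, days["nginx", d]
      }
    }'
}

# Constructed sample (made-up domains and fingerprints, separator lines trimmed).
sample_checkdates() {
  cat <<'EOF'
nginx installed
/usr/local/nginx/conf/ssl/a.example.com/a.example.com-acme.cer
SHA1 Fingerprint=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
certificate expires in 89 days on 1 Dec 2016
/usr/local/nginx/conf/ssl/b.example.com/b.example.com-acme.cer
SHA1 Fingerprint=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
certificate expires in 12 days on 15 Sep 2016
/usr/local/nginx/conf/ssl/c.example.com/c.example.com-acme.cer
SHA1 Fingerprint=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC1
certificate expires in 20 days on 23 Sep 2016
acme.sh obtained
/root/.acme.sh/a.example.com/a.example.com.cer
SHA1 Fingerprint=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
https://crt.sh/?sha1=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
certificate expires in 89 days on 1 Dec 2016
/root/.acme.sh/b.example.com/b.example.com.cer
SHA1 Fingerprint=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
certificate expires in 12 days on 15 Sep 2016
/root/.acme.sh/c.example.com/c.example.com.cer
SHA1 Fingerprint=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC2
certificate expires in 80 days on 22 Nov 2016
EOF
}
```

Running `sample_checkdates | audit_checkdates 30` prints one status line per Nginx-installed certificate; a certificate with no parsed expiry line is reported as EXPIRING so it is not silently passed.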


#3

@eva2000

Great.

I have a small question: is there any plan for Centmin Mod to support Debian/Ubuntu dists?

:joy:


#4

@Neilpang been asked a lot so made an entry on my FAQ item 12 at https://centminmod.com/faq.html :slight_smile:

Basically, CentOS only right now so no Debian/Ubuntu support. Way into future Centmin Mod might look at Fedora and Cloudlinux (for CageFS jailed users). But for now CentOS only :slight_smile:


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.