Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command:
acme.sh
It produced this output:
a new certificate in the area it had designated
My web server is (include version):
NA / uses Cloudflare tokenized
The operating system my web server runs on is (include version):
Cloudflare Tokenized
My hosting provider, if applicable, is:
DNS = cloudflare
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
acme.sh version 2.8.7
Guys, I set up the cron job to renew the certificate every 3 months and this works well.
Here is the cron job:
The issue I have is that the .domain.cer and key that is created/replaced needs to be placed into a directory on another hardware and renamed over ssh, and the server service STOPPED whilst this happens … I do the whole thing by creating an executable bash script and run it manually after the crontabbed .acme.sh cron job has run … key word being MANUALLY … Is it possible to amend the existing .acme.sh script itself to do this all in one so I don't have to manually run a second script? Example of the secondary script:
#!/bin/bash
Please, if anyone can assist on how to do this in one and using the inbuilt cron job! And also which script to alter/edit … I'm not sure from the cron job which script it's referencing (expecting the .acme.sh inside the .acme.sh/ directory).
Thanks @_az, but there's nothing stopping me also just timing the script to run on change less the certificate call, so (I don't want to reinvent the wheel here):
These parameters are to install the cert to nginx/apache or any other server after issue/renew a cert:
--cert-file <file> Path to copy the cert file to after issue/renew..
--key-file <file> Path to copy the key file to after issue/renew.
--ca-file <file> Path to copy the intermediate cert file to after issue/renew.
--fullchain-file <file> Path to copy the fullchain cert file to after issue/renew.
--reloadcmd <command> Command to execute after issue/renew to reload the server.
So if the machine on which you run acme.sh has passwordless (key or cert) ssh access to the machine you want to deploy to, you can do this:
It seems convoluted and restricted as opposed to running your own script with a server software you know responds to the script you originally ran?
So for something that normally would run as a standalone script and connects keyless and changes the certificate extension (.cer to .crt), such as:
/usr/local/server/mailserver/mailserver stop
scp /Users/user/.acme.sh/mail.example.com/mail.example.com.cer root@192.168.99.4:/usr/local/server/mailserver/sslcert/server3.crt
scp /Users/user/.acme.sh/mail.example.com/mail.example.com.key root@192.168.99.4:/usr/local/server/mailserver/sslcert/server3.key
/usr/local/server/mailserver/mailserver start
How can I convert that into your deploy hook? That is literally the actual script I run above manually …
I can't get my head round the arguments to emulate that using deploy hook, otherwise I would use it 100%!
Neil, would this work for my scenario? Your feedback and time is very appreciated. The remote command is the main issue I struggle with. This is on OSX and the service is Kerio Connect (does not have a "restart" command, only stop and start). There is also no example, be it Linux or other, on your deployhooks · acmesh-official/acme.sh Wiki · GitHub page.
Original script currently in use:
/usr/local/server/mailserver/mailserver stop
scp /Users/user/.acme.sh/mail.example.com/mail.example.com.cer root@192.168.99.4:/usr/local/server/mailserver/sslcert/server3.crt
scp /Users/user/.acme.sh/mail.example.com/mail.example.com.key root@192.168.99.4:/usr/local/server/mailserver/sslcert/server3.key
/usr/local/server/mailserver/mailserver start
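The stop / copy / start sequence discussed in this thread, written as a script that acme.sh can call through --reloadcmd (an added example, not code from any poster or from the acme.sh project). It assumes the mailserver stop/start commands have to run on the remote host; the `.new` staging names, the SSH/SCP variables and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Host and paths are the ones quoted in the
# posts; running "mailserver stop/start" on the remote host is an assumption.
SSH=${SSH:-ssh}                      # overridable, e.g. for a dry run
SCP=${SCP:-scp}
REMOTE=${REMOTE:-root@192.168.99.4}
SRC=${SRC:-/Users/user/.acme.sh/mail.example.com}
DOMAIN=${DOMAIN:-mail.example.com}
DEST=/usr/local/server/mailserver/sslcert
SVC=/usr/local/server/mailserver/mailserver

# Succeeds only if the certificate carries the public key of the key file.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

deploy_cert() {
    cert="$SRC/$DOMAIN.cer"
    key="$SRC/$DOMAIN.key"

    # Refuse to touch the service unless the renewed pair is usable.
    if ! pair_matches "$cert" "$key"; then
        echo "certificate and key do not match, not deploying" >&2
        return 1
    fi

    # 1. Stage under temporary names while the service is still running,
    #    so a failed copy never leaves the mail server stopped.
    $SCP "$cert" "$REMOTE:$DEST/server3.crt.new" || return 1
    $SCP "$key"  "$REMOTE:$DEST/server3.key.new" || return 1

    # 2. One remote command: lock down the key, stop, swap, start.
    #    "start" runs even if a mv fails; the mv status is what gets reported.
    $SSH "$REMOTE" "chmod 600 $DEST/server3.key.new; $SVC stop; \
mv $DEST/server3.crt.new $DEST/server3.crt && \
mv $DEST/server3.key.new $DEST/server3.key; \
rc=\$?; $SVC start; exit \$rc"
}

# Only deploy when asked to, so the file can also be sourced for a dry run.
if [ "${1:-}" = "--run" ]; then
    deploy_cert
fi
```

Registered once with `acme.sh --install-cert -d mail.example.com --reloadcmd "/path/to/this-script --run"` (path is a placeholder), it runs after each renewal from the existing acme.sh cron job, so no second manual step is needed.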