Wildcard certificate with updates over API
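# Download and unpack in a private directory instead of /var/tmp. In a
# world-writable directory another local user can pre-place a file matching
# lego_v*_linux_amd64.tar.gz; wget would then save the real download under a
# different name and tar would unpack the planted archive.
workdir=$(mktemp -d) && cd "$workdir"
# -f makes curl fail on an HTTP error instead of piping an error page onward.
curl -fLs https://api.github.com/repos/go-acme/lego/releases/latest | \
grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | \
wget -i -
# Before installing, compare the archive's sha256sum with the checksums file
# published on the same release page (lego releases normally ship one; confirm
# its name there).
# As root, tar restores the owner recorded in the archive by default, so force
# the extracted files to be owned by the extracting user.
tar --no-same-owner -xf lego_v*_linux_amd64.tar.gz
# install sets owner and mode explicitly, so the binary root will run cannot be
# modified by any other account.
install -o root -g root -m 0755 lego /usr/local/sbin/lego
cd / && rm -rf -- "$workdir"
lego -v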
- Turning on the DNS API at the service provider (remember to set the API access-control list so that only this server can use the key)
- Creating a script to fetch the cert (saved as /usr/local/sbin/get-cert.sh)
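#!/bin/sh
# Requests the initial wildcard certificate for somedomain.name from the ACME
# CA, proving domain control through the Vultr DNS API (DNS-01 challenge).
set -eu

# Keep the API key out of this script: lego accepts <VARIABLE>_FILE naming a
# file that holds the value. The path below is an example (constructed); create
# the file as root with mode 0600 and put only the key in it. The key can edit
# the DNS zone, so treat it like a private key.
export VULTR_API_KEY_FILE=/root/.vultr_api_key
export VULTR_HTTP_TIMEOUT=60
export VULTR_POLLING_INTERVAL=60
export VULTR_PROPAGATION_TIMEOUT=300
export VULTR_TTL=300

# The wildcard is quoted so the shell passes it to lego literally instead of
# expanding it against files in the current directory.
# lego is called by absolute path so the script does not depend on PATH
# containing /usr/local/sbin.
/usr/local/sbin/lego --dns vultr \
--domains '*.somedomain.name' \
--domains somedomain.name \
--email null@somedomain.name \
--path="/etc/letsencrypt/somedomain.name" \
--accept-tos run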
- Setting permissions and executing
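# Root-only instead of "chmod +x": the script carries the DNS API credentials
# (or points at them), and a plain +x on a default-umask file leaves it
# readable by every local user.
chown root:root /usr/local/sbin/get-cert.sh
chmod 700 /usr/local/sbin/get-cert.sh
get-cert.sh
# lego keeps the ACME account key and the certificate private key under this
# path; check in the listing that they are not readable by other users.
ls -alrt /etc/letsencrypt/somedomain.name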
- Creating a script to update the cert
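# Create the file under a restrictive umask so it is never world-readable, not
# even between saving it and the later chmod. The subshell keeps the umask
# change from leaking into the rest of the session.
(umask 077 && nano -w /usr/local/sbin/renew-cert.sh)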
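#!/bin/sh
# Renews the wildcard certificate for somedomain.name through the Vultr DNS
# API (DNS-01 challenge). Meant to be run from root's crontab.
set -eu

# Keep the API key out of this script: lego accepts <VARIABLE>_FILE naming a
# file that holds the value. The path below is an example (constructed); create
# the file as root with mode 0600 and put only the key in it.
export VULTR_API_KEY_FILE=/root/.vultr_api_key
export VULTR_HTTP_TIMEOUT=60
export VULTR_POLLING_INTERVAL=60
export VULTR_PROPAGATION_TIMEOUT=300
export VULTR_TTL=300

# The wildcard is quoted so the shell passes it to lego literally instead of
# expanding it against files in the current directory.
# lego is called by absolute path: cron usually runs jobs with a minimal PATH
# that does not include /usr/local/sbin, and the job would fail with
# "lego: not found".
# Services that already loaded the certificate keep serving the old one until
# they are reloaded; lego's renew command takes --renew-hook for that.
/usr/local/sbin/lego --dns vultr \
--domains '*.somedomain.name' \
--domains somedomain.name \
--email null@somedomain.name \
--path="/etc/letsencrypt/somedomain.name" \
--accept-tos renew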
- Setting permissions and checking
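# Root-only instead of "chmod +x": the script carries the DNS API credentials
# (or points at them) and is executed by root's cron, so no other account
# should be able to read or replace it.
chown root:root /usr/local/sbin/renew-cert.sh
chmod 700 /usr/local/sbin/renew-cert.sh
renew-cert.sh
crontab -u root -e
# Crontab entry (Mondays 06:05). Output goes to syslog under the tag
# "renew-cert" instead of /dev/null: lego reports errors on stderr, and a
# silently failing renewal is only noticed when the certificate expires.
5 6 * * 1 /usr/local/sbin/renew-cert.sh 2>&1 | logger -t renew-cert
crontab -u root -l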