Automatic TLS certificate renewal using acme.sh #92
Labels: backend (related to the Spigot plugin), enhancement (new feature or request), size: medium (a feature or fix that is in between large and small)
This feature builds further on #23, by adding the functionality to work with acme.sh to automatically renew a TLS certificate to be used for WebStats HTTPS support. The reason to implement this in WebStats and not in a third-party plugin is just for convenience: I don't really want people to need to install a separate plugin to enable full automatic no-hassle HTTPS support.
To do this, a new command along the lines of
/webstats renew-certificate
will be added. Either the user can set up a recurring task with their server software to run this command, or WebStats could provide a way to run this command periodically.

Renewal command behaviour
1. Install
acme.sh --install [...]
(see advanced installation resource)
acme.sh --upgrade (footnote 1)
2. Issue or renew certificate
acme.sh --issue --dns dns_duckdns -d mydomain.duckdns.org -d '*.mydomain.duckdns.org' (footnote 2)
acme.sh --renew -d example.com --force (footnote 3)
3. Convert certificate file
If the renewal was successful, we probably need to convert the generated files into a usable format with
acme.sh --toPkcs -d <domain> [--password pfx-password] (footnote 4)
TODO: find out whether this is necessary.
4. Restart WebStats
Restart WebStats when the acme.sh shell script has finished running.
Maybe: read the script's output to detect whether certificate renewal was successful, and display any errors in the server's console. TODO: figure out the output format of acme.sh
Config file
Something along these lines:
Resources
--home to subdirectory of WebStats plugin directory
--accountemail to something specified in the plugin's config file
--nocron (we will let acme.sh renew when we ask it to, this way there is no uninstallation necessary)

Footnotes
1. https://github.com/acmesh-official/acme.sh?tab=readme-ov-file#14-how-to-upgrade-acmesh
2. https://github.com/acmesh-official/acme.sh/wiki/dnsapi#dns_duckdns
3. https://github.com/acmesh-official/acme.sh?tab=readme-ov-file#12-how-to-renew-the-certs
4. https://github.com/acmesh-official/acme.sh/wiki#3-how-to-get-pkcs12pfx-format
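
One way to drive steps 2 to 4 of the renewal command from a wrapper that decides on acme.sh's exit status instead of parsing its output. This is an added example, not code from WebStats or acme.sh; the names ACME_SH, ACME_HOME, PFX_PASSWORD and renew_certificate are hypothetical, and the exit statuses 0 (renewed) and 2 (skipped, not yet due) are assumptions to confirm against the installed acme.sh.

```shell
#!/bin/sh
# Added example, not WebStats code. Assumed names: ACME_SH, ACME_HOME, PFX_PASSWORD,
# renew_certificate. Assumed acme.sh exit statuses: 0 = renewed, 2 = renewal skipped
# because the certificate is not yet due; confirm against the installed version.

ACME_SH="${ACME_SH:-acme.sh}"
ACME_HOME="${ACME_HOME:-./plugins/WebStats/acme}"   # hypothetical --home location

# Prints exactly one result line: renewed | skipped | failed:<step>[:<status>]
# Returns 0 for renewed/skipped, 1 otherwise. Restart WebStats only on "renewed".
renew_certificate() {
    domain="$1"
    # The domain comes from a config file: accept plain hostnames only, so a
    # value such as "--home" or "a;b" is never passed on as an option.
    case "$domain" in
        ''|-*|*[!A-Za-z0-9.-]*) echo "failed:validate"; return 1 ;;
    esac

    mkdir -p "$ACME_HOME" || { echo "failed:home"; return 1; }
    log="$ACME_HOME/renew.log"

    # Step 2. "--force" from the issue is left out here so that a certificate
    # which is not yet due is reported as skipped instead of being reissued.
    status=0
    "$ACME_SH" --home "$ACME_HOME" --renew -d "$domain" >>"$log" 2>&1 || status=$?
    case "$status" in
        0) ;;
        2) echo "skipped"; return 0 ;;
        *) echo "failed:renew:$status"; return 1 ;;
    esac

    # Step 3. umask 077 makes a newly written .pfx readable by its owner only.
    # The password is visible in the process list while acme.sh runs.
    status=0
    ( umask 077
      "$ACME_SH" --home "$ACME_HOME" --toPkcs -d "$domain" \
          --password "$PFX_PASSWORD" ) >>"$log" 2>&1 || status=$?
    if [ "$status" -ne 0 ]; then
        echo "failed:toPkcs:$status"; return 1
    fi
    echo "renewed"
}
```

The caller reads the single result line, restarts WebStats only for "renewed", and can show the contents of renew.log in the server console for any "failed" result.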