Examples

Jakub Warmuz edited this page Apr 16, 2016 · 24 revisions

You might find more examples in Links.

Using with popular servers

server flags configuration
nginx -f key.pem -f fullchain.pem ssl_certificate_key key.pem, ssl_certificate fullchain.pem
apache >= 2.4.8 -f key.pem -f fullchain.pem SSLCertificateKeyFile key.pem, SSLCertificateFile fullchain.pem
apache < 2.4.8 -f key.pem -f cert.pem -f chain.pem SSLCertificateKeyFile key.pem, SSLCertificateFile cert.pem, SSLCertificateChainFile chain.pem

For all files in the server configuration use absolute paths. Do NOT e.g. cp key.pem /etc/apache2 - this way you're missing on all renewal features.

Restart httpd after renewal

#!/bin/sh
domain="example.com"
simp_le -d ${domain}:/var/www/html \
  -f key.pem -f cert.pem -f fullchain.pem ... && \
  service httpd reload

Note that service httpd reload will only be called if renewal happened, due to the way simp_le sets up its exit codes.

Remote server

#!/bin/sh
ssh root@example.com "mkdir -p /var/www/html/.well-known/acme-challenge; \
  chown $USER /var/www/html/.well-known/acme-challenge"
sshfs example.com:/var/www/html public_html
simp_le -d example.com:public_html ...

Importing data from the official letsencrypt client

If you were previously using https://github.com/letsencrypt/letsencrypt, you can easily import existing data:

#!/bin/sh
domain="example.com"
mkdir import
cd import
cp /etc/letsencrypt/accounts/*/directory/*/private_key.json account_key.json
# skip following 2 lines if you want fresh new certs
cp /etc/letsencrypt/live/${domain?}/*.pem .
mv privkey.pem key.pem
simp_le -d ${domain?}:/var/www/html \
  --account_key_size 2048 -f account_key.json \
  -f key.pem -f cert.pem -f chain.pem -f fullchain.pem

External plugin for full.pem (key, cert, chain)

Copy and paste the following snippet to $CWD/external.sh, chmod +x $CWD/external.sh and run simp_le -f account_key.json -f external.sh ....

#!/bin/sh
case $1 in
  save) cat - > full.pem;;
  load) cat full.pem || true;;
  persisted) echo key cert chain;;
esac
Clone this wiki locally
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.