Last active
February 26, 2023 08:43
-
-
Save KevinMX/a0cc53d579d8fb4eea5768878855d266 to your computer and use it in GitHub Desktop.
UNAS OS 5 SSL cert using acme.sh and Cloudflare DNS API (replaces included Let's Encrypt script)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Make sure you have root access / enabled sudo for your user. Here we use default admin user. | |
| # You may use any other users as well, as long as they got sudo. | |
| # Not a script yet, so please, check the notes and execute these lines manually. | |
| # Install socat and acme.sh script | |
| sudo apt update && sudo apt -y upgrade && sudo apt -y install socat | |
| curl https://get.acme.sh | sh -s email=$email | |
| # Get these tokens from Cloudflare | |
| export CF_Zone_ID="ZONEID" | |
| export CF_Account_ID="ACCOUNTID" | |
| export CF_Token="TOKEN" | |
| # Generate certificate | |
| export domain=mx.example.com | |
| # In case you don't want to use the default ZeroSSL CA | |
| # https://github.com/acmesh-official/acme.sh/wiki/Server | |
| #acme.sh --set-default-ca letsencrypt | |
| acme.sh --issue --dns dns_cf -d $domain | |
| # Install certificate, right now fullchain cert is not needed | |
| sudo chmod 777 -R /unas/etc/systemaccess/letsencrypt/cert | |
| acme.sh --install-cert -d $domain \ | |
| --cert-file /unas/etc/systemaccess/letsencrypt/cert/server.crt \ | |
| --key-file /unas/etc/systemaccess/letsencrypt/cert/server.key \ | |
| --reloadcmd "sudo systemctl force-reload apache2" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment