PR: 246379 Submitted by: Matthew Horan <matt@matthoran.com> (maintainer) Sponsored by: Netzkommune GmbH
[
|
|
{ type: install
|
|
message: <<EOM
|
|
There are sample scripts in %%ETCDIR%% that you can use for renewing and
deploying certificates.
|
|
|
|
To run the script regularly to update the certificates, add this line to
/etc/periodic.conf:
|
|
|
|
weekly_lego_enable="YES"
|
|
|
|
Additionally the following parameters may be added to /etc/periodic.conf:
|
|
|
|
Script to run to renew certificates; it is run as %%LEGO_USER%% (required)
|
|
weekly_lego_renewscript="%%ETCDIR%%/lego.sh"
|
|
|
|
To run a script after the renewal to deploy certificates
|
|
weekly_lego_deployscript="%%ETCDIR%%/deploy.sh"
|
|
|
|
Note that the deploy script is provided as a sample and may need to be modified
for your environment. The script will attempt to deploy certificates to
%%ETCDIR%%/ssl/certs and private keys to %%ETCDIR%%/ssl/private.
The script also tries to restart nginx. Before enabling it, check that the
private key directory is readable only by the accounts that need the keys.
|
|
|
|
If using the sample renew script, add the domains for which lego will manage
certificates to %%ETCDIR%%/domains.txt, one domain on each line.
|
|
|
|
To add a Subject Alternative Name to the certificate, append the domain(s) to
the same line as the primary domain:
|
|
example.com www.example.com
|
|
|
|
To run lego for the first time, edit %%ETCDIR%%/lego.sh and set the EMAIL
variable.
|
|
|
|
Then run lego.sh with the run argument as the %%LEGO_USER%% user:
|
|
$ %%ETCDIR%%/lego.sh run
|
|
|
|
Subsequent periodic runs will run with the renew argument by default, with a
|
|
renewal interval of 30 days.
|
|
EOM
|
|
}
|
|
]
|