What is the best method for using acme on a new LEDE 18.06 router (WNDR3700v1).
I installed acme.sh from opkg but I'm not able to get it to issue certificates for my domain. logread complains about:
Sun Dec 22 16:51:44 2019 daemon.err run-acme[3482]: acme: port80 listens: 2716/uhttpd 2716/uhttpd
Sun Dec 22 16:51:44 2019 daemon.debug acme: Found uhttpd listening on port 80; trying to disable.
Sun Dec 22 16:51:44 2019 daemon.err run-acme[3482]: acme: Found uhttpd listening on port 80; trying to disable.
Sun Dec 22 16:51:45 2019 daemon.debug acme: Found uhttpd listening on port 80; trying to disable.
Sun Dec 22 16:51:45 2019 daemon.err run-acme[3482]: acme: Found uhttpd listening on port 80; trying to disable.
Sun Dec 22 16:51:45 2019 daemon.err run-acme[3482]: uci: Entry not found
Sun Dec 22 16:51:45 2019 daemon.err acme: LEDE.damnfbi.tk: Unable to find uhttpd listen config.
Sun Dec 22 16:51:45 2019 daemon.err run-acme[3482]: acme: LEDE.EXAMPLE.COM: Unable to find uhttpd listen config.
Sun Dec 22 16:51:45 2019 daemon.err acme: Manually disable uhttpd or set webroot to continue.
Sun Dec 22 16:51:45 2019 daemon.err run-acme[3482]: acme: Manually disable uhttpd or set webroot to continue.
While I seem to have acme.sh installed under /usr/lib/acme/acme.sh I can't run it without errors, and it doesn't show up when I try to run 'acme.sh' from the CLI. Is there a good tutorial somewhere on configuration when using the opkg acme package?
Yes, you're trying to invoke acme.sh with parameters which make it try to start its own web-server on port 80, while uhttpd is already running on port 80.
Like I said, I use it manually without the init script supplied by the OpenWrt package. Here's my script to install/update certs. Like I also said, I use the DNS-based authentication and not the HTTP request to port 80 (as I don't want to expose LuCI to the internet).
#!/bin/sh
# Certificate name is derived from the router hostname, lower-cased.
HOST="$(uci -q get system.@system[0].hostname | tr "A-Z" "a-z")"
[ -n "$HOST" ] || exit 0

# If there is no connectivity yet (e.g. right after boot), wait a minute.
/bin/ping -W 2 -w 2 -c 1 google.com >/dev/null 2>&1 || /bin/sleep 60

# Renewal path: key and cert already exist and uhttpd already points at them.
if [ -s "/etc/acme/${HOST}.domain.com/${HOST}.domain.com.key" ] && \
   [ -s "/etc/acme/${HOST}.domain.com/${HOST}.domain.com.cer" ] && \
   [ "$(uci -q get uhttpd.main.key)" = "/etc/acme/${HOST}.domain.com/${HOST}.domain.com.key" ] && \
   [ "$(uci -q get uhttpd.main.cert)" = "/etc/acme/${HOST}.domain.com/${HOST}.domain.com.cer" ]; then
    # --cron only renews certificates that are due; uhttpd is restarted on success.
    /usr/lib/acme/acme.sh --cron --home "/etc/acme" --reloadcmd "/etc/init.d/uhttpd restart"
else
    # Issue path: start clean and request the certificate via the Cloudflare DNS API,
    # so nothing has to listen on port 80 and uhttpd stays untouched.
    rm -rf "/etc/acme/${HOST}.domain.com" >/dev/null 2>&1
    CF_Key='*****' CF_Email='*****' /usr/lib/acme/acme.sh --home "/etc/acme" --issue --dns dns_cf -d "${HOST}.domain.com"
    # Only point uhttpd at the new files if both were actually written.
    if [ -s "/etc/acme/${HOST}.domain.com/${HOST}.domain.com.key" ] && \
       [ -s "/etc/acme/${HOST}.domain.com/${HOST}.domain.com.cer" ]; then
        uci set uhttpd.main.key="/etc/acme/${HOST}.domain.com/${HOST}.domain.com.key"
        uci set uhttpd.main.cert="/etc/acme/${HOST}.domain.com/${HOST}.domain.com.cer"
        uci commit uhttpd
        /etc/init.d/uhttpd restart
    fi
fi

# Remove the crontab entry added by the acme package, since its init script is not used here.
sed -i '\|/etc/init.d/acme start|d' /etc/crontabs/root
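The script above only checks that the key and certificate files are non-empty before pointing uhttpd at them. As an added example (not from the post or the acme package), here is a stricter check that also confirms the certificate belongs to the private key and is not about to expire before uhttpd is reconfigured; it assumes the openssl command-line tool is installed, and the 7-day margin is an assumed value.

```shell
#!/bin/sh
# Added example: verify an acme.sh-issued key/cert pair before handing it to uhttpd.
# Assumes the openssl CLI is available (on OpenWrt this is the openssl-util package).

# cert_ok CERT KEY DAYS
# Returns 0 when CERT and KEY exist, carry the same public key, and CERT is still
# valid DAYS days from now; prints the reason and returns 1 otherwise.
cert_ok() {
    cert="$1"; key="$2"; days="${3:-7}"
    [ -s "$cert" ] || { echo "missing cert: $cert"; return 1; }
    [ -s "$key" ]  || { echo "missing key: $key"; return 1; }
    # Compare the certificate's public key with the one derived from the private
    # key; a mismatch means uhttpd would fail every TLS handshake after restart.
    cert_pub="$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" \
        || { echo "unreadable cert: $cert"; return 1; }
    key_pub="$(openssl pkey -in "$key" -pubout 2>/dev/null)" \
        || { echo "unreadable key: $key"; return 1; }
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match cert"; return 1; }
    # -checkend takes seconds and exits 1 if the cert expires within that window.
    openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null \
        || { echo "cert expires within $days days"; return 1; }
    return 0
}

# install_cert CERT KEY: reconfigure uhttpd only after cert_ok passes.
install_cert() {
    cert_ok "$1" "$2" 7 || return 1
    uci set uhttpd.main.cert="$1"
    uci set uhttpd.main.key="$2"
    uci commit uhttpd
    /etc/init.d/uhttpd restart
}
```

In the script above, `install_cert` would replace the two `uci set` lines and the `-s` tests in the issue path.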