Once installed acme, socat and luci-app-acme I was able to obtain the certificate. And it works. So far so good.
However, I had to stop lighttpd manually first and I had to create the pem file manually afterwards. Although easy to do how to get this to work automatically?
Is this something for /etc/config/acme? Or should I run acme.sh in a cron as it seems to have the --pre-hook and --post-hook needed?
Two months later I owe you the solution for this issue.
I disabled acme in LuCI as it doesn't disable lighttpd and therefore fails. The DNS mode was not an option so I decided to write a script and run it in a cron job.
The first challenge is when to renew the certificate. The script runs every day at the same time and checks if it is possible to renew.
If it is, it stops the lighttpd webserver, issues the acme renew request and starts the webserver again. This is the result:
NRT=$(grep Le_NextRenewTime= /etc/acme/<mydomain.com>/<mydomain.com>.conf | sed -e "s,',,g" -e 's,Le_NextRenewTime=,,')
echo | tee -a $LOG
echo "$(date): CurrentTime = $NOW" | tee -a $LOG
echo "$(date): NextRenewTime = $NRT" | tee -a $LOG
if [ $NOW -gt $NRT ]; then
echo "$(date): Renew certificate" | tee -a $LOG
echo "$(date): /etc/init.d/lighttpd stop" | tee -a $LOG
/etc/init.d/lighttpd stop 2>&1 | tee -a $LOG
/usr/lib/acme/acme.sh --home /etc/acme --renew -d <mydomain.com> \
--accountemail root@<mydomain.com> --standalone 2>&1 | tee -a $LOG
echo "$(date): /etc/init.d/lighttpd start" | tee -a $LOG
/etc/init.d/lighttpd start 2>&1 | tee -a $LOG
echo "$(date): create pemfile for lighttpd" | tee -a $LOG
cat <mydomain.com>.key <mydomain.com>.cer > /etc/lighttpd/ssl/<mydomain.com>.pem 2>&1 | tee -a $LOG
echo "$(date): EstimatedTimeToRenew = $((NRT-NOW))" | tee -a $LOG
As you can see the script creates the correct pemfile for lighttpd from the .key and .cer files created by acme.sh as its --cert-file and --key-file switches don't seem to work.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.