Hi all,
As you all know, June 2021 will be EOL for acme.sh
version-1.
Now, I install socat
and I use the latest acme.sh
version (2.8.9).
Installation command:
As specified by: https://wiki.nethserver.org/doku.php?id=userguide:let_s_encrypt_for_internal_servers.
I use:
curl https://get.acme.sh | sh
From: https://github.com/acmesh-official/acme.sh/wiki/How-to-install
curl https://get.acme.sh | sh -s email=my@example.com
But it should be OK as I use Cloudflare.com as my dns server and I specify my email address with
# export CF_Email=my@example.com
and I get the certificate, and it’s working correctly.
QUESTION #1
- Can somebody confirm the need for
acme.sh
version-2 to installsocat
, as it is not installed by default. - The use of
acme.sh
without the option-s email=my@example.com
.
To be able to see the certificate in the NethServer Manager, you have to specify in pki
DB:
# config setprop pki ChainFile /etc/pki/tls/certs/cert-chain.crt
# config setprop pki CrtFile /etc/pki/tls/certs/cert.crt
# config setprop pki KeyFile /etc/pki/tls/private/cert.key
QUESTION #2
Can I specify the “full chain
” file instead of the “chain
” file.
QUESTION #3
In relation with QUESTION #2, what is the best “full chain
”:
ca-bundle.crt
or
ca-bundle.trust.crt
?
Thank you in advance,
Michel-André