un most part of it as an unpriviliged user, here is my crontab:
0 0 1 * * acme/usr/local/sbin/acme_update.sh
10 01 * * root cat /etc/acme-tiny/domain.key
/var/acme-tiny/signed_chain.crt > /etc/lighttpd/server.pem
20 01 * * root/etc/init.d/lighttpd restart
One co
as root that takes input fromÂ
> > the web? I'd rather not do that.
>
> You can run most part of it as an unpriviliged user, here is my crontab:
> 0 0 1 * * acme/usr/local/sbin/acme_update.sh
> 10 01 * * rootcat /etc/acme-tiny/domain.key
> /var/acme-tiny
re.
...
You can use https://letsencrypt.org/ instead of a self-signed cert:
Let's Encrypt is a free, automated, and open certificate authority
brought to you by the nonprofit Internet Security Research Group (ISRG).
It was pretty simple to get it to work with
https://github.com/diafygi/acme-tiny
Regards,
/Karl Hammar
> brought to you by the nonprofit Internet Security Research Group (ISRG).
>
> It was pretty simple to get it to work with
> https://github.com/diafygi/acme-tiny
It's not that easy to do it with internal-only systems as Let's Encrypt
requires the hostname to be known externally.
And there are plenty of devices you do not want the whole internet to know
about.
--
Joost
4 matches
Mail list logo