dehydrated | dehydrated-dns | dehydrated-http | dehydrated-reload
apt install dehydrated #dehydrated-apache2 rmdir /etc/dehydrated/conf.d/
pkg install dehydrated ln -s /usr/local/etc/dehydrated /etc/dehydrated ln -s /usr/local/www/dehydrated /var/lib/dehydrated echo weekly_dehydrated_enable=yes >> /etc/periodic.conf #echo daily_dehydrated_enable=yes >> /etc/rc.conf
# no exist ls -lhF /usr/local/bin/dehydrated git clone https://github.com/lukas2511/dehydrated.git cp -f dehydrated/dehydrated /usr/local/bin/ dehydrated -h mkdir /etc/dehydrated/
eventually a symlink to reach the certs easily
# no exist ls -lF /etc/dehydrated/certs ln -s /var/lib/dehydrated/certs /etc/dehydrated/certs
see dehydrated-http
see dehydrated-dns
you are now ready to use those CA-signed certs with e.g. NGINX, HAPROXY, Postfix and Dovecot.
see sslhappy-test
eventually make specific folders available for RSA and various ECC flavors
# debian mkdir -p /var/lib/dehydrated/certs/rsa/ mkdir -p /var/lib/dehydrated/certs/prime256v1/ mkdir -p /var/lib/dehydrated/certs/secp384r1/ # rhel mkdir -p /etc/dehydrated/certs/rsa/ mkdir -p /etc/dehydrated/certs/prime256v1/ mkdir -p /etc/dehydrated/certs/secp384r1/
more http01 options
dehydrated --cron --keep-going --algo rsa --out /var/lib/dehydrated/certs/RSA dehydrated --cron --keep-going --algo prime256v1 --out /var/lib/dehydrated/certs/prime256v1 dehydrated --cron --keep-going --algo secp384r1 --out /var/lib/dehydrated/certs/secp384r1
more dns01 options
dehydrated --cron --keep-going --config /etc/dehydrated/config-dns01 --algo rsa --out /var/lib/dehydrated/certs/RSA dehydrated --cron --keep-going --config /etc/dehydrated/config-dns01 --algo prime256v1 --out /var/lib/dehydrated/certs/prime256v1 dehydrated --cron --keep-going --config /etc/dehydrated/config-dns01 --algo secp384r1 --out /var/lib/dehydrated/certs/secp384r1
dealing with you own curve
dehydrated --signcsr $domain.csr --full-chain > $domain.crt
https://github.com/dehydrated-io/dehydrated
FW https://www.aaflalo.me/2016/09/dehydrated-bash-client-lets-encrypt/
https://github.com/lukas2511/dehydrated/blob/master/docs/wellknown.md
https://sysadmin.pm/dehydrated-letsencrypt/
https://github.com/lukas2511/dehydrated/issues/193
https://github.com/dehydrated-io/dehydrated/issues/420