Get latest version
# Download the lego v3.2.0 release archive and unpack only the `lego` binary
# into /tmp. The version is pinned in the URL; check the project's releases
# page before relying on it as "latest".
#
# NOTE(review): the archive is streamed straight into tar, so nothing checks
# its integrity and a failed download only shows up as a tar error. Where the
# release publishes a checksum file, save the archive first and compare it
# (e.g. `sha256sum -c <CHECKSUM_FILE>`) before unpacking.
# NOTE(review): /tmp is world-writable. On a shared host, prefer a directory
# only the invoking user can write, because the binary is later run next to
# privileged `service` commands.
wget -q -O - https://github.com/go-acme/lego/releases/download/v3.2.0/lego_v3.2.0_linux_amd64.tar.gz \
  | tar -xz -C /tmp lego
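# Stop the services listening on ports 80 / 443 so lego's built-in HTTP
# challenge server can bind the port.
# NOTE(review): the site is offline from here until the restart below. If a
# lego command fails, still run the `service ... start` lines. lego's
# `--http.webroot` option can serve the challenge through the running web
# server instead, which avoids the outage.
service nginx stop
service apache2 stop

# Request certificate (HTTP challenge)
/tmp/lego --accept-tos --email="foo@bar.com" --domains="bar.com" --http run

# Request wildcard certificate. Wildcards need the DNS challenge; with the
# `manual` provider lego prints the TXT record for the operator to create,
# so this step is interactive.
/tmp/lego --accept-tos --email="foo@bar.com" --domains="bar.com" --domains="*.bar.com" --dns manual run

# Restart the services on ports 80 / 443
service nginx start
service apache2 start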
Show certificates
# List the files lego wrote for each domain.
# `ll` is an interactive shell alias (typically an `ls -l` variant) and is
# usually not defined inside scripts or cron jobs.
# NOTE(review): this directory presumably holds private keys as well as
# certificates (the page uses --pem and searches for *.pem here). Confirm it
# is readable only by the account that runs lego.
ll ~/.lego/certificates/
OpenStack Designate
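# Test with Designate. The provider reads its OpenStack credentials from the
# environment; without them lego stops with the error shown below.
# NOTE(review): load the OS_* variables from a file readable only by the
# invoking user rather than typing OS_PASSWORD on the command line, where
# shell history and process listings can capture it.
/tmp/lego --accept-tos --email="foo@bar.com" --domains="*.bar.com" --dns designate run
# ...
# designate: some credentials information are missing: OS_AUTH_URL,OS_USERNAME,OS_PASSWORD,OS_TENANT_NAME,OS_REGION_NAME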
Request wildcard certificate
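# Issue a wildcard certificate for *.${DOMAIN} through the DNS challenge,
# using the `nictool` DNS provider and checking propagation against the two
# listed resolvers.
# DOMAIN must be set beforehand; the `:?` guard aborts the command instead of
# submitting a request for the bare name "*.".
# NOTE(review): --server points at the Let's Encrypt production directory.
# Use the staging directory
# (https://acme-staging-v02.api.letsencrypt.org/directory) while testing so
# that failed attempts do not count against production rate limits.
# NOTE(review): --pem presumably writes a combined certificate-plus-key file;
# keep the output directory readable only by the account that runs lego.
# NOTE(review): assumes this lego build includes a `nictool` provider and that
# its credentials are supplied through the environment - confirm.
./lego \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --accept-tos=true \
  --dns.resolvers="ns1.example.com:53" \
  --dns.resolvers="ns2.example.com:53" \
  --email="info@example.com" \
  --dns=nictool \
  --key-type=rsa2048 \
  --pem \
  --domains="*.${DOMAIN:?set DOMAIN to the zone to certify}" \
  run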
Renew certificates
https://go-acme.github.io/lego/usage/cli/examples/
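# Renew the wildcard certificate for *.${DOMAIN}, but only once it has fewer
# than 60 days of validity left (`renew --days 60`).
# DOMAIN must be set beforehand; the `:?` guard aborts the command instead of
# looking up a certificate named "*.".
# NOTE(review): no --server is given, so lego uses its default ACME directory.
# Make sure that matches the directory the certificate was issued from.
# NOTE(review): the services using the certificate must reload it after a
# successful renewal; this snippet does not do that.
lego \
  --dns=nictool \
  --accept-tos=true \
  --dns.resolvers="ns1.example.com:53" \
  --dns.resolvers="ns2.example.com:53" \
  --email="info@example.com" \
  --key-type=rsa2048 \
  --pem \
  --domains="*.${DOMAIN:?set DOMAIN to the zone to renew}" \
  renew \
  --days 60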
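# Build the list of certificates to renew from the .pem files under
# ~/.lego/certificates/. The tr step maps "_" in the file name back to "*",
# so a wildcard file such as _.bar.com.pem becomes *.bar.com.pem.
# NOTE(review): -mtime tests file age (last modified more than
# EXPIRING_IN_DAYS days ago), not the certificate's expiry date. Confirm the
# real expiry from the certificate, e.g. with `openssl x509 -noout -enddate`.
EXPIRING_IN_DAYS=60
DOMAINS=$(find ~/.lego/certificates/ -name "*.pem" -mtime +"${EXPIRING_IN_DAYS}" -printf "%f\n" | tr -s "_" "*")

# Read one name per line instead of word-splitting ${DOMAINS}: an unquoted
# "*.bar.com" would be glob-expanded against files in the current directory.
while IFS= read -r DOMAIN; do
  # The here-string yields one empty line when nothing matched.
  [ -n "${DOMAIN}" ] || continue
  # Drop the trailing ".pem" extension.
  DOMAIN=${DOMAIN%.*}
  # ... (elided on the page: the per-domain renew command; keep "${DOMAIN}" quoted)
done <<< "${DOMAINS}"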
Links
https://github.com/go-acme/lego
https://go-acme.github.io/lego/dns/designate/