Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:services:tls:certs [2022/07/05 12:37] – created stokitodocs:guide-user:services:tls:certs [2023/06/07 04:58] – split articles stokito
Line 16: Line 16:
   * [[https://github.com/acmesh-official/acme.sh|acme.sh]] is small ACME client that uses shell script and has a LUCI app to configure. This is a recommended for OpenWrt.    * [[https://github.com/acmesh-official/acme.sh|acme.sh]] is small ACME client that uses shell script and has a LUCI app to configure. This is a recommended for OpenWrt. 
   * [[https://github.com/ndilieto/uacme|uacme]] lightweight ACME client written in plain C with minimal dependencies: libcurl and one of MbedTLS, OpenSSL or GnuTLS.   * [[https://github.com/ndilieto/uacme|uacme]] lightweight ACME client written in plain C with minimal dependencies: libcurl and one of MbedTLS, OpenSSL or GnuTLS.
-  * [[https://github.com/dehydrated-io/dehydrated|dehydrated]] a Bash script similar to acme.sh+  * Many others [[https://letsencrypt.org/docs/client-options/|ACME Client Implementations]]  
 + 
 +If you have already taken care of certificate automation see also [[:docs:guide-user:luci:getting_rid_of_luci_https_certificate_warnings#option_ainstalling_a_publicly_trusted_certificate|Installing publicly trusted certificate]].
  
  
 ===== ACME.sh ===== ===== ACME.sh =====
 +See [[docs:guide-user:services:tls:acme|acme.sh]]
  
-==== For  experienced users ==== +===== Self signed certs ===== 
-Use a command line and type ''opkg install acme luci-app-acme'' then edit ''/etc/config/acme'' and restart it with ''service acme restart''+See [[:docs:guide-user:services:webserver:uhttpd#https_enable_and_certificate_settings_and_creation|HTTPS Enable and Certificate Settings and Creation]] or [[:docs:guide-user:luci:getting_rid_of_luci_https_certificate_warnings#option_bcreating_installing_trusting_a_self-signed_certificate|Getting rid of LuCI HTTPS warnings]].
- +
-==== More easier way by using GUI ==== +
- +
-Open LUCI dashboard then in main menu go to ''System'' / ''Software''. Then click on ''Update lists...'' to load list of available packages. +
-The into the ''Filter'' search type ''luci-app-acme'' and press Enter. Click on install button. It should install acme.sh and its LUCI app to configure. +
- +
-To configure in LUCI in the main menu open ''Services'' / ''ACME certs''+
-Basic configuration: +
-  * ''Account email''put your email to receive expiry notices when your certificate is coming up for renewal. +
-  * You'll see a preconfigured EXAMPLE domain. We can change it for ourselves: +
-  * ''Enabled''Click to enable  +
-  * ''Use staging server''unselect the check +
-  * ''Use for uhttpd''you probably better to unselect this if not sure. +
-  * "Key size"Select "ECC 256 bits" +
-  * ''Domain names''change the example.org to your domain +
-  * Click on ''Save and Apply'' +
- +
-Now you'll need to wait for some time while the certificate will be generated. +
-After that you can find the certificates in ''/etc/acme/YOURDOMAIN'' folder e.g.: +
-  * /etc/acme/YOURDOMAIN/disk.stokito.com.key the TLS private key. Never share it! +
-  * /etc/acme/YOURDOMAIN/fullchain.cer the TLS certificate and chain of CA that signed it. +
- +
- +
  
 +===== Own Certificate Authority with PKI =====
 +See [[docs:guide-user:services:tls:pki|Installing and trusting a root CA certificate in a PKI]]
  • Last modified: 2024/05/05 07:41
  • by hnyman