Differences

This shows you the differences between two versions of the page.

docs:guide-user:services:tls:certs [2022/09/15 19:27] – [More easier way by using GUI] stokito
docs:guide-user:services:tls:certs [2023/06/07 04:58] – split articles stokito
Line 16: Line 16:
   * [[https://github.com/acmesh-official/acme.sh|acme.sh]] is small ACME client that uses shell script and has a LUCI app to configure. This is a recommended for OpenWrt.    * [[https://github.com/acmesh-official/acme.sh|acme.sh]] is small ACME client that uses shell script and has a LUCI app to configure. This is a recommended for OpenWrt. 
   * [[https://github.com/ndilieto/uacme|uacme]] lightweight ACME client written in plain C with minimal dependencies: libcurl and one of MbedTLS, OpenSSL or GnuTLS.   * [[https://github.com/ndilieto/uacme|uacme]] lightweight ACME client written in plain C with minimal dependencies: libcurl and one of MbedTLS, OpenSSL or GnuTLS.
-  * [[https://github.com/dehydrated-io/dehydrated|dehydrated]] a Bash script similar to acme.shUsed rarely+  * Many others [[https://letsencrypt.org/docs/client-options/|ACME Client Implementations]]  
 + 
 +If you have already taken care of certificate automation see also [[:docs:guide-user:luci:getting_rid_of_luci_https_certificate_warnings#option_ainstalling_a_publicly_trusted_certificate|Installing publicly trusted certificate]].
  
  
 ===== ACME.sh ===== ===== ACME.sh =====
- +See [[docs:guide-user:services:tls:acme|acme.sh]]
-==== For  experienced users ==== +
-Use a command line and type ''opkg install acme luci-app-acme'' then edit ''/etc/config/acme'' and restart it with ''service acme restart''+
- +
-==== More easier way by using GUI ==== +
- +
-Open LUCI dashboard then in main menu go to ''System'' / ''Software''. Then click on ''Update lists...'' to load list of available packages. +
-The into the ''Filter'' search type ''luci-app-acme'' and press Enter. Click on install button. It should install acme.sh and its LUCI app to configure. +
- +
-To configure in LUCI in the main menu open ''Services'' / ''ACME certs''+
-Basic configuration: +
-  * ''Account email'': put your email to receive expiry notices when your certificate is coming up for renewal. +
-  * You'll see a preconfigured EXAMPLE domain. We can change it for ourselves: +
-  * ''Enabled'': Click to enable  +
-  * ''Use staging server'': unselect the check +
-  * ''Use for uhttpd'': you probably better to unselect this if not sure. +
-  * ''Key size'': Select ''ECC 256 bits''. The key will be based on an elliptic curve which is more efficient than RSA. +
-  * ''Domain names'': change the example.org to your domain +
-  * Click on ''Save and Apply'' +
- +
-Now you'll need to wait for some time while the certificate will be generated. +
-After that you can find the certificates in ''/etc/acme/YOURDOMAIN_ecc'' folder e.g.: +
-  * ''/etc/acme/YOURDOMAIN_ecc/YOURDOMAIN.key'' the TLS private key. Never share it! +
-  * ''/etc/acme/YOURDOMAIN_ecc/fullchain.cer'' the TLS certificate and chain of CA that signed it. +
- +
-You can use them in nginx, uhttpd, lighttpd, [[docs:guide-user:services:email:emailrelay|EmailRelay]] and any other server that you want to configure with TLS.+
  
 ===== Self signed certs ===== ===== Self signed certs =====
-See [[:docs:guide-user:services:webserver:uhttpd#https_enable_and_certificate_settings_and_creation|HTTPS Enable and Certificate Settings and Creation]] +See [[:docs:guide-user:services:webserver:uhttpd#https_enable_and_certificate_settings_and_creation|HTTPS Enable and Certificate Settings and Creation]] or [[:docs:guide-user:luci:getting_rid_of_luci_https_certificate_warnings#option_bcreating_installing_trusting_a_self-signed_certificate|Getting rid of LuCI HTTPS warnings]].
  
 +===== Own Certificate Authority with PKI =====
 +See [[docs:guide-user:services:tls:pki|Installing and trusting a root CA certificate in a PKI]]
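Review bot: The ACME.sh section is reduced to the single line "See [[docs:guide-user:services:tls:acme|acme.sh]]", which drops the only statement on this page that ''/etc/acme/YOURDOMAIN_ecc/YOURDOMAIN.key'' is the TLS private key and must never be shared, along with the notes on unchecking ''Use staging server'' and on leaving ''Use for uhttpd'' unselected when unsure. The target page is not part of this diff, so please confirm that those points were carried over to it, or keep a one-sentence summary here that names the key file and the warning. Two smaller style points on the added lines: the new links to ''docs:guide-user:services:tls:acme'' and ''docs:guide-user:services:tls:pki'' omit the leading colon that the other internal links in this change use ('':docs:guide-user:luci:...''), and the two new "See ..." lines end without a period while the edited "Self signed certs" line ends with one. The added sentence "If you have already taken care of certificate automation see also" also reads better with a comma after "automation".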
  • Last modified: 2024/05/05 07:41
  • by hnyman