README.md
6 additions & 6 deletions
@@ -3,7 +3,7 @@ Obtain SSL certificates from the letsencrypt.org ACME server. Suitable for auto
3
3
4
4
## Features
5
5
***Bash** - It runs on virtually all unix machines, including BSD, most Linux distributions, MAC OSX.
6
-
***Get certificates for remote servers** - The tokens used to provide validation of domain ownership, and the certificates themselves can be automatically copied to remote servers (via ssh, sftp or ftp for tokens). The script doesn't need to run on the server itself. This can be useful if you don't have access to run such scripts on the server itself, as it's a shared server for example.
6
+
***Get certificates for remote servers** - The tokens used to provide validation of domain ownership, and the certificates themselves can be automatically copied to remote servers (via ssh, sftp or ftp for tokens). The script doesn't need to run on the server itself. This can be useful if you don't have access to run such scripts on the server itself, e.g. if it's a shared server.
7
7
***Runs as a daily cron** - so certificates will be automatically renewed when required.
8
8
***Automatic certificate renewals**
9
9
***Checks certificates are correctly loaded**. After installation of a new certificate it will test the port specified ( see [Server-Types](#server-types) for options ) that the certificate is actually being used correctly.
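Review bot: In the reworded "Get certificates for remote servers" bullet, the added line now says "on the server itself" twice in two consecutive sentences; something like "This is useful when you cannot run scripts on the server, e.g. on shared hosting" would be tighter. Since this line is being edited anyway, it should also say that ftp sends its login credentials unencrypted, so ssh or sftp is the better choice for copying tokens where the host allows it. In the unchanged "Bash" bullet above, "MAC OSX" would read better as "Mac OS X".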
@@ -100,7 +100,7 @@ reloading SSL services
100
100
**This will (by default) use the staging server, so should give you a certificate that isn't trusted ( Fake Let's Encrypt).**
101
101
Change the server in your config file to get a fully valid certificate.
102
102
103
-
**Note:** Verification is done via port 80(http), port 443(https) or dns. The certificate can be used (and checked with getssl) on alternate ports.
103
+
**Note:** Verification is done via port 80(http), port 443(https) or dns. The certificate can be used (and checked with getssl) on alternate ports.
104
104
105
105
## Automating updates
106
106
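Review bot: The removed and added "**Note:**" lines read identically as shown, so this appears to be a whitespace-only change; worth confirming that is the intent. While the line is open, "port 80(http), port 443(https) or dns" needs a space before each parenthesis, and "dns" should be "DNS".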
@@ -142,7 +142,7 @@ RENEW_ALLOW="30"
142
142
SSLCONF="/usr/lib/ssl/openssl.cnf"
143
143
```
144
144
145
-
then, within the **working directory** there will be a folder for each certificate (based on it's domain name). Within that folder will be a config file (again called getssl.cfg). An example of which is;
145
+
then, within the **working directory** there will be a folder for each certificate (based on its domain name). Within that folder will be a config file (again called getssl.cfg). An example of which is;
146
146
147
147
```
148
148
# Uncomment and modify any variables you need
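Review bot: The added line fixes "it's" to "its" but still starts with a lowercase "then" and ends with "An example of which is;", where the semicolon introduces a code block. Suggest "Then, within the **working directory**, there will be a folder for each certificate (based on its domain name)." and closing the paragraph with "For example:".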
@@ -252,16 +252,16 @@ these are available in getssl to check if the certificate is installed correctly
252
252
| port number |||
253
253
254
254
255
-
##Revoke a certificate
255
+
##Revoke a certificate
256
256
257
257
In general revoking a certificate is not required.
You need to specify both the certificate you want to revoke, and the account or private domain key which was used to sign / obtain the original certificate. The CA_server is an optional parameter and defaults to Let's Encrypt ( "https://acme-v01.api.letsencrypt.org" ) as that is currently the only Certificate Authority using the ACME protocol.
262
262
263
263
264
-
##Elliptic curve keys
264
+
##Elliptic curve keys
265
265
You can use Elliptic curve keys for both the account key and the domain key (different of course, don't use the same key for both). prime256v1 (NIST P-256) and secp384r1 (NIST P-384) are both fully supported. secp521r1 (NIST P-521) is included in the code, but not currently supported by Let's Encrypt).
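Review bot: Both changed headings still read "##Revoke a certificate" and "##Elliptic curve keys" with no space after "##", unlike "## Features" and "## Automating updates" elsewhere in the file; if the aim was to normalise the headings, they should be "## Revoke a certificate" and "## Elliptic curve keys". In the unchanged text of this hunk, the last sentence ends with an unmatched ")" after "Let's Encrypt", and "In general revoking a certificate is not required" would be more useful if it named the case where it is required, such as a compromised private key.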