Document missing ssh deploy plugin options: Multiple servers, Custom ports, Using SCP, Custom SCP command

master
Jacobo de Vera 2025-08-31 21:28:59 +01:00
parent 2c9f531693
commit adf9cabd29
1 changed files with 15 additions and 11 deletions

@ -65,11 +65,10 @@ export DEPLOY_SSH_CAFILE=filename for intermediate CA file
export DEPLOY_SSH_FULLCHAIN=filename for fullchain file
export DEPLOY_SSH_REMOTE_CMD=command to execute on remote host
export DEPLOY_SSH_BACKUP=yes or no
```
Added in Acme release 2.8.6...
```
export DEPLOY_SSH_BACKUP_PATH=path on remote server to backup certificates
export DEPLOY_SSH_MULTI_CALL=yes or no
export DEPLOY_SSH_USE_SCP=yes or no
export DEPLOY_SSH_SCP_CMD=yes or no
```
**DEPLOY_SSH_USER**
Username at the remote host that SSH will login with. Note that
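Review bot: The placeholder on the `export DEPLOY_SSH_SCP_CMD=yes or no` line is wrong for this variable. The description added later in this commit says it holds the `scp` command itself and defaults to `scp -q`, so it is not a yes/no switch. Suggest `export DEPLOY_SSH_SCP_CMD=custom scp command`, in the style of `DEPLOY_SSH_REMOTE_CMD=command to execute on remote host`, so that nobody copies the literal value from the block.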
@ -81,18 +80,16 @@ The USER@URL at the remote server must also have has permissions to write to
the target location of the certificate files and to execute any commands
(e.g. to stop/start services).
**DEPLOY_SSH_SERVER**
A list of servers separated by spaces that the certificate will be deployed to. Each server can be a HOST NAME or IP Address of the remote server. If not provided then the domain name provided on the `acme.sh --deploy` command line is used. When several values are set, all the deployment options (file paths, commands, etc.) apply to all.
Optionally, each server can include a port number separated by a colon `:`, e.g. `server.example.com 10.1.1.15 server2.example.com:10022`
**DEPLOY_SSH_CMD**
You can customize the ssh command used to connect to the remote host. For example
if you need to connect to a specific port at the remote server you can set this
to, for example, "ssh -p 22" or to use `sshpass` to provide password inline
instead of exchanging ssh keys (this is not recommended, using keys is
to use `sshpass` to provide password inline instead of exchanging ssh keys (this is not recommended, using keys is
more secure). Defaults to "ssh -T"
**DEPLOY_SSH_SERVER**
URL or IP Address of the remote server. If not provided then the domain
name provided on the acme.sh --deploy command line is used.
New in Acme release 2.8.7 this may be space separated list of servers to which exactly the
same deploy commands can be sent.
**DEPLOY_SSH_KEYFILE**
Target path and filename _on the remote server_ for the private key issued by LetsEncrypt.
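Review bot: In the **DEPLOY_SSH_CMD** paragraph, dropping the port example leaves `sshpass` as the only illustration of a custom command, and the same sentence calls it not recommended; the result also reads as a fragment ("For example to use `sshpass` ..."). Suggest rewording so the key-based default `ssh -T` comes first, `sshpass` is mentioned only as the discouraged alternative, and readers who need a non-standard port are pointed to the `host:port` form now described under **DEPLOY_SSH_SERVER**. In the **DEPLOY_SSH_SERVER** text, the replaced wording carried a version marker ("New in Acme release 2.8.7") that the new wording drops; stating which release accepts the `server2.example.com:10022` form would help users on older installs. Since a server may be an IP address and the port separator is a colon, it is also worth saying how an IPv6 address is expected to be written.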
@ -141,6 +138,13 @@ is not long enough to hold all the data sent in SSH. This is known to
affect servers using busybox. By setting this value to "yes" the certificate
deployment process is split into multiple SSH calls to work around this problem.
**DEPLOY_SSH_USE_SCP**
By default, this plugin writes the certificates on the remote host by running an SSH command that prints the contents and then pipes them to the destination file. This can result in a command that is too large for systems, even when `DEPLOY_SSH_MULTI_CALL` is used. Setting `DEPLOY_SSH_USE_SCP` to `yes` will instead use `scp` to transfr the certificate files to the destination server.
**DEPLOY_SSH_SCP_CMD**
You can customize the `scp` command that is used to transfer certificate files when `DEPLOY_SSH_USE_SCP` is enabled. By default this is `scp -q`.
### Examples using SSH deploy
The following example illustrates deploying certificates to a QNAP NAS
(tested with QTS version 4.2.3)
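Review bot: The **DEPLOY_SSH_USE_SCP** paragraph has a typo, "transfr" should be "transfer", and "too large for systems" would be clearer as "too large for some systems" with a pointer to the busybox case named just above. Two things are left undocumented. The default value is only implied by "By default, this plugin writes ..."; state explicitly what the unset value means, as the export block does with "yes or no". And the **DEPLOY_SSH_SCP_CMD** paragraph does not say how it relates to the other connection settings: whether a port given as `host:port` in `DEPLOY_SSH_SERVER` is passed to `scp`, and whether options placed in `DEPLOY_SSH_CMD` must be repeated in `DEPLOY_SSH_SCP_CMD`. A sentence on each would prevent a setup where the SSH calls succeed and the copy fails, or where the copy runs with different connection options than intended.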