github
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh
1
0
Fork 0
Code Issues Releases Wiki Activity

Update description to reflect the fact that 'acme' is packaged for OpenWrt

master
Toke Høiland-Jørgensen 2020-05-04 10:35:39 +02:00
parent 5272f136ff
commit c25fa74ccf
1 changed files with 7 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
How-to-run-on-OpenWRT.md

@ -2,7 +2,11 @@ Setup and run acme.sh on your OpenWRT router and have https secured management.
### Step 1: Install packages ### Step 1: Install packages
`opkg install luci-ssl-openssl curl ca-bundle` `opkg install luci-ssl-openssl acme luci-app-acme`
If you want to use DNS-based certificate verificiation, also install the DNS providers:
`opkg install acme-dnsapi`
### Step 2: Configure Web Server ### Step 2: Configure Web Server
Here we'll tell uhttpd redirect to https Here we'll tell uhttpd redirect to https
@ -18,41 +22,7 @@ uci commit
### Step 3: Configure acme.sh and get your certificate ### Step 3: Configure acme.sh and get your certificate
On your router: On your router:
``` Navigate to `Services -> ACME certs` in LUCI and configure your certificate details. Make sure to select 'Use for uhttpd', and 'Enabled' for your configured certificate. If you prefer to use the command line, simply edit `/etc/config/acme`, and run `/etc/init.d/acme start` afterwards.
curl https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh > acme.sh
chmod a+x "acme.sh"
./acme.sh --install
cd /root/.acme.sh
DOMAIN=my.router.net ## this domain must actually point to your router
iptables -I input_rule -p tcp --dport 443 -j ACCEPT -m comment --comment ACME
./acme.sh --issue -d $DOMAIN -w /www
iptables -D input_rule -p tcp --dport 443 -j ACCEPT -m comment --comment ACME
```
Now if the certificate issue was successful we'll tell the web server to use our new certificate: ### Step 4: Configure Firewall
```
uci set uhttpd.main.key="$(pwd)/$DOMAIN/$DOMAIN.key"
uci set uhttpd.main.cert="$(pwd)/$DOMAIN/$DOMAIN.cer"
uci commit uhttpd
/etc/init.d/uhttpd restart
```
~~### Step 4: Modify crontab (automatic renew)~~
~~Run `crontab -e` to edit your crontab (use something like `export EDITOR="/usr/bin/nano"` if vim isn't your style). Edit to:~~
~~`0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" --pre-hook "iptables -I input_rule -p tcp --dport 443 -j ACCEPT -m comment --comment ACME" --post-hook "iptables -D input_rule -p tcp --dport 443 -j ACCEPT -m comment --comment ACME" --reloadcmd "/etc/init.d/uhttpd restart" >> /root/.acme.sh/log.txt 2>&1`~~
### Step 5: Configure Firewall
Open or Forward LUCI Port for external access. (use Webinterface) Open or Forward LUCI Port for external access. (use Webinterface)
## Other stuff which may help you:
https://forum.openwrt.org/viewtopic.php?id=65090
https://gist.github.com/t413/3e616611299b22b17b08baa517d2d02c