github
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh
1
0
Fork 0
Code Issues Releases Wiki Activity

Updated Stateless Mode (markdown)

master
Mike M Pestorich 2021-02-08 19:26:39 -08:00
parent c17db263c0
commit d69d7cebf0
1 changed files with 58 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
Stateless-Mode.md

@ -3,35 +3,65 @@
Configure your webserver to respond statelessly to challenges for a given account key. This requires nothing more than a one-time web server configuration change and no "moving parts". Configure your webserver to respond statelessly to challenges for a given account key. This requires nothing more than a one-time web server configuration change and no "moving parts".
1. First get your account key thumbprint: 1. First get your account key thumbprint:
``` ```
root@ed:~# acme.sh --register-account root@ed:~# acme.sh --register-account
[Mon Feb 6 21:40:18 CST 2017] Registering account [Mon Feb 6 21:40:18 CST 2017] Registering account
[Mon Feb 6 21:40:19 CST 2017] Already registered [Mon Feb 6 21:40:19 CST 2017] Already registered
[Mon Feb 6 21:40:21 CST 2017] Update success. [Mon Feb 6 21:40:21 CST 2017] Update success.
[Mon Feb 6 21:40:21 CST 2017] ACCOUNT_THUMBPRINT='6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd' [Mon Feb 6 21:40:21 CST 2017] ACCOUNT_THUMBPRINT='6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd'
```
Remember the thumbprint in the last line:
`
6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd
`
2. Configure the nginx server to return the account key thumbprint:
``` ```
http { Remember the thumbprint in the last line:
... `
6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd
`
1. Configure the web server to return the account key thumbprint:
### NGINX
Add something similar to your `nginx.conf`:
```
http {
...
server { server {
... ...
location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ { location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ {
default_type text/plain; default_type text/plain;
return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd"; return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
} }
... ...
} }
} }
``` ```
### APACHE
Add something similar to your `httpd.conf`:
```
LoadModule php7_module libexec/apache2/libphp7.so
...
<VirtualHost *:80>
...
<IfModule php7_module>
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
<IfModule dir_module>
DirectoryIndex index.html index.php
</IfModule>
</IfModule>
...
<Directory "/PATH/TO/WWW/ROOT/.well-known/acme-challenge/">
RewriteEngine On
RewriteRule "^[-_a-zA-Z0-9]+$" "index.php"
</Directory>
...
</VirtualHost>
...
```
Then add `/PATH/TO/WWW/ROOT/.well-known/acme-challenge/index.php`:
```php
<?php
header("Content-Type: text/plain");
$token = array_pop(explode('/',$_SERVER['REQUEST_URI']));
echo "$token.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
?>
```
_NOTE that this approach uses PHP but something similar could be done with CGI, Perl, Ruby or pretty much any other server-side language._
3. Ok, you can issue cert now. 3. Ok, you can issue cert now.
``` ```