
acme no root


# Dedicated unprivileged account for the ACME client: home directory under
# /var/lib/acme, no interactive login shell.
useradd --create-home --home-dir /var/lib/acme --shell /usr/sbin/nologin acme
# Owner-only access to the home directory, where the client is installed
# further down the page.
chmod 0700 /var/lib/acme

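# Create the HTTP-01 challenge directory inside the site's webroot.
mkdir -p /var/www/EXAMPLE.com/.well-known/acme-challenge
# Hand only the leaf directory to acme, so the ACME client can drop challenge
# tokens there without owning anything else under the webroot.
# "user:group" is the POSIX separator; the "user.group" form is obsolete.
chown acme:acme /var/www/EXAMPLE.com/.well-known/acme-challenge
# World-readable/traversable so nginx can serve the tokens; writable by acme only.
chmod 755 /var/www/EXAMPLE.com/.well-known/acme-challenge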

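# Serve ACME HTTP-01 challenge files written by the unprivileged acme user.
# "^~" is a prefix match that, once selected, stops nginx from consulting regex
# locations. The previous form "~ /.well-known" was an unanchored regex whose
# "." matched any character, so its "allow all" applied to any URI containing
# that pattern, not just the challenge directory.
location ^~ /.well-known/acme-challenge/ {
    allow all;
    # Requests resolve to /var/www/EXAMPLE.com/.well-known/acme-challenge/<token>.
    root /var/www/EXAMPLE.com;
}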

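# Edit sudoers through visudo, which syntax-checks the file before saving.
# NOTE(review): a drop-in opened with `visudo -f /etc/sudoers.d/acme` (example
# file name) keeps this rule separate from the main sudoers file.
visudo
# Allow acme to run exactly this command, with exactly these arguments, without
# a password. The run-as list is (root) instead of (ALL): the reload only needs
# root, and acme has no reason to run it as any other account.
acme ALL=(root) NOPASSWD: /usr/sbin/service nginx reload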

# Open a shell as acme. The account was created with /usr/sbin/nologin as its
# login shell, so bash is named explicitly. The commands that follow are
# presumably typed inside that shell.
sudo -s -u acme bash
# Point HOME at the acme home directory.
# NOTE(review): presumably needed because sudo -s may keep the caller's HOME,
# depending on sudoers policy — confirm.
export HOME=/var/lib/acme
cd /var/lib/acme

# Fetch the acme.sh client and run its installer as the acme user.
# NOTE(review): this executes whatever is on the default branch at clone time.
# Checking out a reviewed release tag first (git checkout <RELEASE_TAG>) keeps
# the installed code reproducible and auditable.
# NOTE(review): the project appears to have moved to the acmesh-official
# organisation, with this URL redirecting — confirm before relying on it.
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
# The later commands call .acme.sh/acme.sh from the home directory, so the
# installer evidently places its copy under $HOME/.acme.sh.
./acme.sh --install

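# Back to the acme home; the installed client is addressed relative to it.
cd /var/lib/acme
# Issue a certificate for the bare domain using webroot (-w) validation: the
# client writes the challenge token under the webroot and the CA fetches it
# over HTTP through the nginx location configured for .well-known.
.acme.sh/acme.sh --issue -d EXAMPLE.com -w /var/www/EXAMPLE.com

# Variant: one certificate covering both the bare and the www name.
# Uses the installed client path as above; in this directory "./acme.sh" is the
# git checkout directory, not the script.
# NOTE(review): www.EXAMPLE.com must be served from the same webroot for its
# challenge to validate — confirm the server block covers both names.
.acme.sh/acme.sh --issue -w /var/www/EXAMPLE.com -d EXAMPLE.com -d www.EXAMPLE.com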

# TLS material nginx loads for EXAMPLE.com.
# NOTE(review): no command on this page writes these files. acme.sh's
# --install-cert (with --key-file / --fullchain-file / --ca-file and
# --reloadcmd) is the usual way to copy issued files to a fixed location, and
# the acme user would need write access to /etc/nginx/auth-acme — confirm.
# The file given to ssl_certificate is what nginx sends to clients, so it
# should hold the server certificate followed by the intermediates.
ssl_certificate /etc/nginx/auth-acme/EXAMPLE.com.crt;
# Private key for the certificate above.
# NOTE(review): confirm the file mode keeps it unreadable to other accounts.
ssl_certificate_key /etc/nginx/auth-acme/EXAMPLE.com.key;
# CA certificates nginx trusts when verifying OCSP responses (stapling) and
# client certificates; this file is not sent to clients.
ssl_trusted_certificate /etc/nginx/auth-acme/EXAMPLE.com.ca;

# Reload nginx so it picks up the certificate paths configured above.
# NOTE(review): running `nginx -t` first surfaces configuration errors before
# the reload is attempted. From the acme session this has to be invoked through
# sudo to use the NOPASSWD rule; as written it assumes a root shell — confirm.
service nginx reload