mirror of
https://git.busybox.net/buildroot.git
synced 2025-01-10 14:33:24 +08:00
2257c18c25
dehydrated is an ACME client written in bash. It should be able to run under zsh as well, but this hasn't been tested so it isn't enabled for now. Normally, we would want an init script to start dehydrated, and an example configuration file. However, it is very difficult to do this in a generic way in Buildroot: - we normally don't have cron running; - we have no standard location for webroot; - we have no standard location for certificates; - we have no standard way to restart/reload the webserver. So instead, provide brief documentation of how to use dehydrated in the help text. Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
34 lines
1.3 KiB
Plaintext
34 lines
1.3 KiB
Plaintext
config BR2_PACKAGE_DEHYDRATED
|
|
bool "dehydrated"
|
|
depends on BR2_USE_MMU # bash
|
|
select BR2_PACKAGE_BASH
|
|
select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # bash
|
|
select BR2_PACKAGE_LIBCURL
|
|
select BR2_PACKAGE_CURL
|
|
select BR2_PACKAGE_OPENSSL
|
|
select BR2_PACKAGE_LIBOPENSSL_BIN if BR2_PACKAGE_LIBOPENSSL
|
|
select BR2_PACKAGE_LIBRESSL_BIN if BR2_PACKAGE_LIBRESSL
|
|
help
|
|
Dehydrated is a client for signing certificates with an
|
|
ACME-server (e.g. Let's Encrypt) implemented as a relatively
|
|
simple (zsh-compatible) bash-script. This client supports
|
|
both ACME v1 and the new ACME v2 including support for
|
|
wildcard certificates!
|
|
|
|
To use this script in Buildroot:
|
|
- Create /etc/dehydrated/domains.txt
|
|
- Make sure that "dehydrated -c" is called regularly, e.g.
|
|
from cron.
|
|
- Make sure /etc/dehydrated is writable.
|
|
- Configure the webserver to export the WELLKNOWN directory
|
|
(/var/www/dehydrated) as /.well-known/acme-challenge
|
|
- Configure the webserver to use the certificates under
|
|
/etc/dehydrated/certs/<domain>
|
|
- Register a HOOK to reload the webserver after the
|
|
certificates have been renewed.
|
|
|
|
You probably need to install a custom /etc/dehydrated/config
|
|
with the rootfs overlay.
|
|
|
|
https://github.com/lukas2511/dehydrated
|