thanks danb35, i am sending emails now. (i wanted to raise alerts in UI first). i can't get this acme tool out of /root. even when i relocated and changed configuration it will stick to /root folder. also has trouble running via sudo and cron. the issue is /root is on unencrypted usb flash, and i'm tired of giving out more and more keys (e.g. cloudflare key) to "public". since jails are on encrypted system dataset, i think i should follow this method.
acme.sh can live anywhere. git clone the repo, then do ./acme.sh --install --home /path/to/wherever, and it will be installed to that location. Similarly, the deploy script can live anywhere. Either, or both, of these scripts can be on an encrypted pool. None of these things need to live in /root/. I remain unconvinced that there's any reason to put either script in a jail, unless you need to do the standalone validation.
true, and cron also has to use --home parameter. so finicky!
also it adds endless aliases to .rc files, won't upgrade .conf correctly, and it launches --reloadcmd in case certificate refresh is not needed. so i check exit code instead
[[ ! $? == 2 ]] && <..mail about certificate was updated or another error..> || exit 0
i give up on this, this is unscriptable.. it's promising exit code 2 in logs, gives 0.. without reload_cmd it still calls deploy_freenas (from root again), without any reference in acme folder or rc. and deploy_freenas would have tons of hardcoded references to /root. this is too much, i will simply wait for cloudflare ACME in UI:)
deploy_freenas has no hardcoded references to /root/ that can't be overridden in the config file.
As to the issues you're seeing with acme.sh, I have no idea what's going on, and it certainly isn't my experience with that client. There are certainly other clients you could use, though acme.sh does have about the best DNS API support.
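Added example, not part of any post in this thread and not code from acme.sh or deploy_freenas: a cron wrapper for an acme.sh installed with --home on an encrypted dataset, which decides whether a certificate was renewed by comparing the certificate file before and after the run rather than relying on the exit code. The paths in ACME_HOME and CERT, and the function names, are assumptions for illustration.

```shell
#!/bin/sh
# Added example: cron wrapper for an acme.sh installed with --home outside /root.
# ACME_HOME and CERT are assumed paths; point them at your encrypted dataset.
ACME_HOME="${ACME_HOME:-/mnt/tank/acme}"
CERT="${CERT:-$ACME_HOME/example.com/fullchain.cer}"

# Succeeds only if the directory exists and group/other have no access,
# since the acme.sh home can hold DNS API credentials (e.g. a Cloudflare key).
home_is_private() {
    [ -d "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Checksum of a file, or "absent"; used only to detect that the file changed.
file_sum() {
    if [ -f "$1" ]; then cksum < "$1"; else echo absent; fi
}

# Run the renewal and print one of: changed, unchanged, failed, insecure-home.
renew_and_report() {
    home=$1 cert=$2
    home_is_private "$home" || { echo insecure-home; return 0; }
    before=$(file_sum "$cert")
    rc=0
    "$home/acme.sh" --cron --home "$home" >/dev/null 2>&1 || rc=$?
    # Accept 0 and 2 (the "skipped" code mentioned in the thread); anything else is an error.
    case $rc in 0|2) ;; *) echo failed; return 0 ;; esac
    after=$(file_sum "$cert")
    if [ "$before" = "$after" ]; then echo unchanged; else echo changed; fi
}

# Invoked from cron as: /path/to/this-script --run
if [ "${1:-}" = "--run" ]; then
    case $(renew_and_report "$ACME_HOME" "$CERT") in
        changed) echo "certificate renewed; run the deploy step here" ;;
        unchanged) exit 0 ;;
        *) echo "renewal problem under $ACME_HOME" >&2; exit 1 ;;
    esac
fi
```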