blob: f14ae0f6110c74cfa0916c4a243fbab2997d6a8e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
config BR2_PACKAGE_DEHYDRATED
bool "dehydrated"
depends on BR2_USE_MMU # bash
select BR2_PACKAGE_BASH
select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # bash
select BR2_PACKAGE_LIBCURL
select BR2_PACKAGE_CURL
select BR2_PACKAGE_OPENSSL
select BR2_PACKAGE_LIBOPENSSL_BIN if BR2_PACKAGE_LIBOPENSSL
select BR2_PACKAGE_LIBRESSL_BIN if BR2_PACKAGE_LIBRESSL
help
Dehydrated is a client for signing certificates with an
ACME-server (e.g. Let's Encrypt) implemented as a relatively
simple (zsh-compatible) bash-script. This client supports
both ACME v1 and the new ACME v2 including support for
wildcard certificates!
To use this script in Buildroot:
- Create /etc/dehydrated/domains.txt
- Make sure that "dehydrated -c" is called regularly, e.g.
from cron.
- Make sure /etc/dehydrated is writable.
- Configure the webserver to export the WELLKNOWN directory
(/var/www/dehydrated) as /.well-known/acme-challenge
- Configure the webserver to use the certificates under
/etc/dehydrated/certs/<domain>
- Register a HOOK to reload the webserver after the
certificates have been renewed.
You probably need to install a custom /etc/dehydrated/config
with the rootfs overlay.
https://github.com/lukas2511/dehydrated
|
