-
-
Save centminmod/889f8d32fbbd93f13611d855435af9a2 to your computer and use it in GitHub Desktop.
acme3.domain.com test for acmetool.sh for centminmod.com
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
./acmetool.sh webroot-issue acme3.domain1.com /home/nginx/domains/acme3.domain1.com/customwebroot | |
------------------------------------------------- | |
acmetool.sh is in beta testing phase | |
please read & provide bug reports & | |
feedback for this tool via the forums | |
https://community.centminmod.com/posts/34492/ | |
------------------------------------------------- | |
continue [y/n] ? y | |
----------------------------------------------------- | |
updating acme.sh client... | |
----------------------------------------------------- | |
[Thu Aug 18 03:50:34 UTC 2016] Installing to /root/.acme.sh | |
[Thu Aug 18 03:50:34 UTC 2016] Installed to /root/.acme.sh/acme.sh | |
[Thu Aug 18 03:50:35 UTC 2016] OK, Close and reopen your terminal to start using acme.sh | |
[Thu Aug 18 03:50:35 UTC 2016] Installing cron job | |
0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null | |
[Thu Aug 18 03:50:35 UTC 2016] Good, bash is installed, change the shebang to use bash as prefered. | |
[Thu Aug 18 03:50:35 UTC 2016] OK | |
https://github.com/Neilpang/acme.sh | |
v2.4.1 | |
----------------------------------------------------- | |
acme.sh updated | |
----------------------------------------------------- | |
acme3.domain1.com nginx vhost + pureftp virtual ftp user setup | |
/usr/bin/nv -d acme3.domain1.com -s y -u *** | |
--------------------------------------------------------------- | |
Nginx Vhost Setup... | |
--------------------------------------------------------------- | |
FTP password auto generated: *** | |
Password: | |
Enter it again: | |
--------------------------------------------------------------- | |
SSL Vhost Setup... | |
--------------------------------------------------------------- | |
--------------------------------------------------------------- | |
Generating self signed SSL certificate... | |
CSR file can also be used to be submitted for paid SSL certificates | |
If using for paid SSL certificates be sure to keep both private key and CSR safe | |
creating CSR File: acme3.domain1.com.csr | |
creating private key: acme3.domain1.com.key | |
creating self-signed SSL certificate: acme3.domain1.com.crt | |
Generating a 2048 bit RSA private key | |
........................+++ | |
................................................+++ | |
writing new private key to 'acme3.domain1.com.key' | |
----- | |
No value provided for Subject Attribute C, skipped | |
No value provided for Subject Attribute ST, skipped | |
No value provided for Subject Attribute L, skipped | |
Signature ok | |
subject=/O=acme3.domain1.com/OU=acme3.domain1.com/CN=acme3.domain1.com | |
Getting Private key | |
--------------------------------------------------------------- | |
Generating dhparam.pem file - can take a few minutes... | |
Generating DH parameters, 2048 bit long safe prime, generator 2 | |
This is going to take a long time | |
.....++*++* | |
dhparam file generation time: 19.968457962 | |
------------------------------------------------------------- | |
/usr/local/src/centminmod/tools/autoprotect.sh | |
generated nginx include file: /usr/local/nginx/conf/autoprotect/acme3.domain1.com/autoprotect-acme3.domain1.com.conf | |
autoprotect.sh run completed... | |
Restarting nginx (via systemctl): [ OK ] | |
Restarting nginx (via systemctl): [ OK ] | |
systemctl restart pure-ftpd.service | |
------------------------------------------------------------- | |
FTP hostname : IPDDR | |
FTP port : 21 | |
FTP mode : FTP (explicit SSL) | |
FTP Passive (PASV) : ensure is checked/enabled | |
FTP username created for acme3.domain1.com : *** | |
FTP password created for acme3.domain1.com : *** | |
------------------------------------------------------------- | |
vhost for acme3.domain1.com created successfully | |
domain: http://acme3.domain1.com | |
vhost conf file for acme3.domain1.com created: /usr/local/nginx/conf/conf.d/acme3.domain1.com.conf | |
vhost ssl for acme3.domain1.com created successfully | |
domain: https://acme3.domain1.com | |
vhost ssl conf file for acme3.domain1.com created: /usr/local/nginx/conf/conf.d/acme3.domain1.com.ssl.conf | |
/usr/local/nginx/conf/ssl_include.conf created | |
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.crt | |
SSL Private Key: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.key | |
SSL CSR File: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.csr | |
Backup SSL Private Key: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-backup.key | |
Backup SSL CSR File: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-backup.csr | |
upload files to /home/nginx/domains/acme3.domain1.com/public | |
vhost log files directory is /home/nginx/domains/acme3.domain1.com/log | |
------------------------------------------------------------- | |
Current vhost listing at: /usr/local/nginx/conf/conf.d/ | |
Aug 1 19:22 2.1K acme2.domain1.com.conf | |
Aug 1 19:22 2.2K acme.domain1.com.conf | |
Aug 1 19:22 4.4K acme2.domain1.com.ssl.conf | |
Aug 1 19:22 845 ssl.conf | |
Aug 1 19:22 1.1K demodomain.com.conf | |
Aug 1 19:22 4.4K acme.domain1.com.ssl.conf | |
Aug 1 19:22 1.9K virtual.conf | |
Aug 13 14:22 2.1K acme1.domain1.com.conf | |
Aug 13 14:22 4.0K acme1.domain1.com.ssl.conf | |
Aug 18 03:51 2.1K acme3.domain1.com.conf | |
Aug 18 03:51 4.0K acme3.domain1.com.ssl.conf | |
------------------------------------------------------------- | |
Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/acme3.domain1.com | |
Aug 18 03:50 1.7K acme3.domain1.com.key | |
Aug 18 03:50 989 acme3.domain1.com.csr | |
Aug 18 03:50 1.2K acme3.domain1.com.crt | |
Aug 18 03:50 1.7K acme3.domain1.com-backup.key | |
Aug 18 03:50 989 acme3.domain1.com-backup.csr | |
Aug 18 03:50 45 hpkp-info-primary-pin.txt | |
Aug 18 03:50 45 hpkp-info-secondary-pin.txt | |
Aug 18 03:51 424 dhparam.pem | |
------------------------------------------------------------- | |
Commands to remove acme3.domain1.com | |
pure-pw userdel *** | |
rm -rf /usr/local/nginx/conf/conf.d/acme3.domain1.com.conf | |
rm -rf /usr/local/nginx/conf/conf.d/acme3.domain1.com.ssl.conf | |
rm -rf /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.crt | |
rm -rf /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.key | |
rm -rf /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.csr | |
rm -rf /usr/local/nginx/conf/ssl/acme3.domain1.com | |
rm -rf /home/nginx/domains/acme3.domain1.com | |
service nginx restart | |
------------------------------------------------------------- | |
vhost for acme3.domain1.com setup successfully | |
acme3.domain1.com setup info log saved at: | |
/root/centminlogs/centminmod_180816-035035_nginx_addvhost_nv.log | |
------------------------------------------------------------- | |
adjusting /usr/local/nginx/conf/conf.d/acme3.domain1.com.ssl.conf | |
change web root: | |
from: | |
to: /home/nginx/domains/acme3.domain1.com/customwebroot | |
root /home/nginx/domains/acme3.domain1.com/customwebroot; | |
adjusting /usr/local/nginx/conf/conf.d/acme3.domain1.com.conf | |
change web root: | |
from: | |
to: /home/nginx/domains/acme3.domain1.com/customwebroot | |
root /home/nginx/domains/acme3.domain1.com/customwebroot; | |
grep 'root' /usr/local/nginx/conf/conf.d/acme3.domain1.com.conf | |
root /home/nginx/domains/acme3.domain1.com/customwebroot; | |
grep 'root' /usr/local/nginx/conf/conf.d/acme3.domain1.com.ssl.conf | |
root /home/nginx/domains/acme3.domain1.com/customwebroot; | |
----------------------------------------------------------- | |
issue & install letsencrypt ssl certificate for acme3.domain1.com | |
----------------------------------------------------------- | |
/root/.acme.sh/acme.sh --staging --issue -d acme3.domain1.com -w /home/nginx/domains/acme3.domain1.com/customwebroot -k ec-256 --useragent centminmod-centos7-acmesh-webroot | |
[Thu Aug 18 03:51:26 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org | |
[Thu Aug 18 03:51:29 UTC 2016] Registering account | |
[Thu Aug 18 03:51:35 UTC 2016] Already registered | |
[Thu Aug 18 03:51:35 UTC 2016] Creating domain key | |
[Thu Aug 18 03:51:35 UTC 2016] Use length 256 | |
[Thu Aug 18 03:51:35 UTC 2016] Using ec name: prime256v1 | |
[Thu Aug 18 03:51:35 UTC 2016] Single domain='acme3.domain1.com' | |
[Thu Aug 18 03:51:35 UTC 2016] Verify each domain | |
[Thu Aug 18 03:51:35 UTC 2016] Getting webroot for domain='acme3.domain1.com' | |
[Thu Aug 18 03:51:35 UTC 2016] Getting token for domain='acme3.domain1.com' | |
[Thu Aug 18 03:51:41 UTC 2016] Verifying:acme3.domain1.com | |
[Thu Aug 18 03:51:53 UTC 2016] Success | |
[Thu Aug 18 03:51:53 UTC 2016] Verify finished, start to sign. | |
[Thu Aug 18 03:52:00 UTC 2016] Cert success. | |
-----BEGIN CERTIFICATE----- | |
MIIEIjCCAwqgAwIBAgITAPpj24sLhHf1bFpstZ/vM3kHLTANBgkqhkiG9w0BAQsF | |
ADAiMSAwHgYDVQQDDBdGYWtlIExFIEludGVybWVkaWF0ZSBYMTAeFw0xNjA4MTgw | |
MjUyMDBaFw0xNjExMTYwMjUyMDBaMB8xHTAbBgNVBAMTFGFjbWUzLmNlbnRtaW5t | |
b2QuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6ohDC8gIO21qPOwEwKpp | |
U19MzjaIqffw1/ssssssssssssssssssssddBgNVHSUEFjAUBggrBgEFBQcDAQYI | |
KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUOcYxRj3whiriFsDbk29O | |
lGvgavQwHwYDVR0jBBgwFoAUwMwDRrlYIMxccnDz4S7LIKb1aDoweAYIKwYBBQUH | |
AQEEbDBqMDMGCCsGAQUFBzABhidodHRwOi8vb2NzcC5zdGctaW50LXgxLmxldHNl | |
bmNyeXB0Lm9yZy8wMwYIKwYBBQUHMAKGJ2h0dHA6Ly9jZXJ0LnN0Zy1pbnQteDEu | |
bGV0c2VuY3J5cHQub3JnLzAfBgNVHREEGDAWghRhY21lMy5jZW50bWlubW9kLmNv | |
bTCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYI | |
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcC | |
AjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24g | |
YnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0 | |
aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5 | |
cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQA5FizBSptl8KBQ | |
lgXuVTH20qAgue3KCNEJ8vPWAlu1/9huAVeu+FSwXo0oHlBUlYMjd3Ikvw9FLAbe | |
deGYqLqa8Je3eW8LQB/CrdN8IZ/XJhuJaR9Py5PaqZgD/vDaxmHXEjrBpvtJPJCU | |
Ve8dy5uPvHmLkEIKNZm/3o6ox7xtM13SvgqrlUdPnKH3vmJOf5/Azy7TDtj7rco4 | |
45c7XU/m6lL1cIbXZNHHgzUyT98NjIDSfkea9ol+18qB5xxO9lr3JDKgmzBHv7AX | |
WwD1WN6xsiUR13yjR9Ier7gj9E9YvA6O+d709o2Nwu1Ha6euVueCVFaJ8gcR26Om | |
R5Gz+EtX | |
-----END CERTIFICATE----- | |
[Thu Aug 18 03:52:00 UTC 2016] Your cert is in /root/.acme.sh/acme3.domain1.com_ecc/acme3.domain1.com.cer | |
[Thu Aug 18 03:52:01 UTC 2016] The intermediate CA cert is in /root/.acme.sh/acme3.domain1.com_ecc/ca.cer | |
[Thu Aug 18 03:52:01 UTC 2016] And the full chain certs is there: /root/.acme.sh/acme3.domain1.com_ecc/fullchain.cer | |
ssl_certificate /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer; | |
ssl_certificate_key /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.key; | |
#ssl_trusted_certificate /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer; | |
----------------------------------------------------------- | |
install cert | |
----------------------------------------------------------- | |
/root/.acme.sh/acme.sh --installcert -d acme3.domain1.com --certpath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer --keypath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.key --capath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-fullchain-acme-ecc.key --ecc | |
[Thu Aug 18 03:52:01 UTC 2016] Installing cert to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer | |
[Thu Aug 18 03:52:01 UTC 2016] Installing CA to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer | |
[Thu Aug 18 03:52:01 UTC 2016] Installing key to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.key | |
[Thu Aug 18 03:52:01 UTC 2016] Installing full chain to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-fullchain-acme-ecc.key | |
[Thu Aug 18 03:52:01 UTC 2016] Run Le_ReloadCmd: /usr/bin/ngxreload | |
Reloading nginx configuration (via systemctl): [ OK ] | |
[Thu Aug 18 03:52:01 UTC 2016] Reload success | |
letsencrypt ssl certificate setup completed | |
ssl certs located at: /usr/local/nginx/conf/ssl/acme3.domain1.com | |
openssl x509 -noout -text < /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer | |
Certificate: | |
Data: | |
Version: 3 (0x2) | |
Serial Number: | |
fa:63:db:8b:0b:84:77:f5:6c:5a:6c:b5:9f:ef:33:79:07:2d | |
Signature Algorithm: sha256WithRSAEncryption | |
Issuer: CN=Fake LE Intermediate X1 | |
Validity | |
Not Before: Aug 18 02:52:00 2016 GMT | |
Not After : Nov 16 02:52:00 2016 GMT | |
Subject: CN=acme3.domain1.com | |
Subject Public Key Info: | |
Public Key Algorithm: id-ecPublicKey | |
Public-Key: (256 bit) | |
pub: | |
04:ea:88:43:0b:c8:08:3b:6d:6a:3c:ec:04:c0:aa: | |
69:53:5f:4c:ce:36:88:a9:f7:f0:d7:ff:ff:cd:3a: | |
fc:7b:1a:52:99:29:ba:95:e9:f9:c9:5d:49:9d:37: | |
88:85:12:48:15:b1:55:84:40:f3:c4:99:db:a6:ab: | |
e2:a1:60:ac:77 | |
ASN1 OID: prime256v1 | |
X509v3 extensions: | |
X509v3 Key Usage: critical | |
Digital Signature | |
X509v3 Extended Key Usage: | |
TLS Web Server Authentication, TLS Web Client Authentication | |
X509v3 Basic Constraints: critical | |
CA:FALSE | |
X509v3 Subject Key Identifier: | |
39:C6:31:46:3D:F0:86:2A:E2:16:C0:DB:93:6F:4E:94:6B:E0:6A:F4 | |
X509v3 Authority Key Identifier: | |
keyid:C0:CC:03:46:B9:58:20:CC:5C:72:70:F3:E1:2E:CB:20:A6:F5:68:3A | |
Authority Information Access: | |
OCSP - URI:http://ocsp.stg-int-x1.letsencrypt.org/ | |
CA Issuers - URI:http://cert.stg-int-x1.letsencrypt.org/ | |
X509v3 Subject Alternative Name: | |
DNS:acme3.domain1.com | |
X509v3 Certificate Policies: | |
Policy: 2.23.140.1.2.1 | |
Policy: 1.3.6.1.4.1.44947.1.1.1 | |
CPS: http://cps.letsencrypt.org | |
User Notice: | |
Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/ | |
Signature Algorithm: sha256WithRSAEncryption | |
39:16:2c:c1:4a:9b:65:f0:a0:50:96:05:ee:55:31:f6:d2:a0: | |
20:b9:ed:ca:08:d1:09:f2:f3:d6:02:5b:b5:ff:d8:6e:01:57: | |
ae:f8:54:b0:5e:8d:28:1e:50:54:95:83:23:77:72:24:bf:0f: | |
45:2c:06:de:75:e1:98:ff:ba:9a:f0:97:b7:79:6f:0b:40:1f: | |
c2:ad:d3:7c:21:9f:d7:26:1b:89:69:1f:4f:cb:93:da:a9:98: | |
03:fe:f0:da:c6:61:d7:12:3a:c1:a6:fb:49:3c:90:94:55:ef: | |
1d:cb:9b:8f:bc:79:8b:9f:42:0a:35:99:bf:de:8e:a8:c7:bc: | |
6d:33:5d:d2:be:0a:ab:95:47:4f:9c:a1:f7:be:62:4e:7f:9f: | |
c0:cf:2e:d3:0e:d8:fb:ad:ca:38:e3:97:3b:5d:4f:e6:ea:52: | |
f5:70:86:d7:64:d1:c7:83:35:32:4f:df:0d:8c:80:d2:7e:47: | |
9a:f6:89:7e:d7:ca:81:e7:1c:4e:f6:5a:f7:24:32:a0:9b:30: | |
47:bf:b0:17:5b:00:f5:58:de:b1:b2:25:11:d7:7c:a3:47:d2: | |
1e:af:b8:23:f4:4f:58:bc:0e:8e:f9:de:f4:f6:8d:8d:c2:ed: | |
47:6b:a7:ae:56:e7:82:54:56:89:f2:07:11:db:a3:a6:47:91: | |
b3:f8:4b:57 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment