Acme.sh: Feature-Request: install option to generate file with full chain + private key

Created on 15 Apr 2017 · 3Comments · Source: acmesh-official/acme.sh

CourierMTA, lighthttps, haproxy,... and other mail servers require a .pem file that contains not only the certificate but also the private key in the same file.
acme.sh --install
only allows the options:
--cert-file After issue/renew, the cert will be copied to this path.
--key-file After issue/renew, the key will be copied to this path.
--ca-file After issue/renew, the intermediate cert will be copied to this path.
--fullchain-file After issue/renew, the fullchain cert will be copied to this path.
I request a feature
--fullchain_and_key-file After issue/renew, the fullchain cert and the key will be copied to this path.

Source

MarcusWolschon

👍6

Most helpful comment

Just for the record, because I found this issue looking for direct haproxy support too, --reloadcmd can be used without installing key and fullchain first:

acme.sh \
  --install-cert \
  -d dom.tld \
  --reloadcmd \
    "cat \$CERT_KEY_PATH \$CERT_FULLCHAIN_PATH >/etc/haproxy/certs/dom.tld && \
    service haproxy restart"

yastupin on 26 Jul 2017

👍9

All 3 comments

you can combine the files by yourself in reloadcmd.

Neilpang on 15 Apr 2017

Thanks. I did not think of this possible workaround to solve the imediate issue

MarcusWolschon on 15 Apr 2017

Just for the record, because I found this issue looking for direct haproxy support too, --reloadcmd can be used without installing key and fullchain first:

acme.sh \
  --install-cert \
  -d dom.tld \
  --reloadcmd \
    "cat \$CERT_KEY_PATH \$CERT_FULLCHAIN_PATH >/etc/haproxy/certs/dom.tld && \
    service haproxy restart"

yastupin on 26 Jul 2017

👍9

Was this page helpful?

0 / 5 - 0 ratings