
Info SSL Certs

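# Dump a certificate stored on disk in human-readable form.
openssl x509 -noout -text -in example.crt
# Dump the leaf certificate a live server presents. -servername sets SNI so a
# multi-site host returns the certificate for this name. </dev/null closes
# stdin so s_client exits after the handshake instead of waiting for input.
# x509 parses only the first certificate of the -showcerts output, and stderr
# is discarded, so verification errors are hidden: this inspects the
# certificate, it does not validate the chain.
openssl s_client -showcerts -servername example.com -connect example.com:443 </dev/null 2>/dev/null | openssl x509 -inform pem -noout -text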

Info SSL CSR

# Decode a certificate signing request so its subject, public key and
# requested extensions can be checked before it is sent to the CA.
openssl req -in example.com.csr -text -noout

Validate SSL Key|Cert

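# A private key and a certificate belong together when their RSA moduli are
# equal: the two digests printed below must be identical. `rsa` reads the
# private key and `x509` reads the certificate (the subcommands must not be
# swapped). The digest only shortens the modulus for comparison.
# RSA only; for other key types compare the output of
# `openssl pkey -pubout -in KEY` with `openssl x509 -pubkey -noout -in CERT`.
openssl rsa -noout -modulus -in example.com.key | openssl sha256; openssl x509 -noout -modulus -in example.com.pem | openssl sha256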

acme.sh

# Issue a certificate with webroot validation: -w names the directory the web
# server exposes for the ACME challenge files.
# letsencrypt_test is the Let's Encrypt staging CA; its certificates are not
# trusted by clients, so use it for dry runs only.
# The key file is the server's private key: keep it readable by root only.
acme.sh --issue \
  -d example.com \
  -d www.example.com \
  -w /var/lib/letsencrypt \
  --server letsencrypt_test \
  --key-file /etc/nginx/ssl/example.com.key \
  --fullchain-file /etc/nginx/ssl/example.com.crt \
  --reloadcmd "/usr/sbin/nginx -s reload"

Request a Let's Encrypt wildcard certificate with an RSA key instead of ECC (--keylength 2048), using Route 53 DNS validation (--dns dns_aws), for an nginx server.

# "XXX" are placeholders. Use an IAM identity limited to Route 53 record
# changes on the validated zone, not an administrator key: acme.sh saves these
# credentials in its configuration under ~/.acme.sh for later renewals, and
# values typed at a prompt also end up in shell history.
export AWS_ACCESS_KEY_ID="XXX"
export AWS_SECRET_ACCESS_KEY="XXX"
# Slows down the Route 53 API calls made by the dns_aws hook.
export AWS_DNS_SLOWRATE=1
# '*.example.com' is quoted so the shell does not expand it as a glob.
# --dnssleep 10 waits 10 seconds for the TXT record before validation.
./acme.sh --issue \
  --server letsencrypt \
  --keylength 2048 \
  --dns dns_aws \
  -d example.com \
  -d '*.example.com' \
  --dnssleep 10 \
  --reloadcmd "nginx -s reload"

Several aws accounts to validate

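# .env  (one file per AWS account; keep it mode 600 and owned by root)
# `export` is required: the crontab line sources this file and then starts
# acme.sh as a child process, and a child only sees exported variables.
# Without it acme.sh never receives these keys and presumably falls back to
# whatever credentials it saved earlier, i.e. possibly another account.
export AWS_ACCESS_KEY_ID="XXX"
export AWS_SECRET_ACCESS_KEY="XXX"
# crontab -e
# Only stdout is discarded; errors on stderr still reach cron's mail.
10 20 * * * . /root/.aws/example.com/.env && "/root/.acme.sh"/acme.sh --renew --home "/root/.acme.sh" -d example.com > /dev/null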