App-Acmeman
do using its configuration file. This file, normally named
F</etc/acmeman.conf>, supplies the definitions of I<domain sources>,
i.e. configuration files from which to obtain domain names to form the
certificate CNs and other parameters. At a pinch, the list of domain names
can be declared in it as well. Several domain sources can be used
simultaneously. For example, you can have B<acmeman> look for domain names in
B<Apache> and B<HAProxy> configurations and obtain an additional list of
domains from its own configuration, all at the same time.
In any case, B<acmeman> should be run as a periodic cron job, in order to
ensure that expiring certificates are updated in time. The usual crontab
entry (for Vixie cron) is
    0 4 * * * root /usr/bin/acmeman
Exact interval configuration is entirely up to you. For Dillon cron, omit
the user name field.
When started this way, B<acmeman> will scan the existing certificates and
select those that will expire within a predefined amount of time
(24h by default, configurable by the B<core.time-delta> statement). Then
Sets the time window before the actual expiration time, when the certificate
becomes eligible for renewal. I<N> is time in seconds. The default
value is 86400, which means that B<acmeman> will attempt to renew any
certificate that expires within 24 hours.
The command line option B<--time-delta> overrides this setting.
=item B<postrenew=>I<COMMAND>
Defines the command to be run at the end of the run if at least one
certificate has been updated. Normally this command reloads the httpd
server (or whatever server is using the certificates). If more than one
B<postrenew> statement is defined, they will be run in sequence, in the
same order as they appear in the configuration file.
I<COMMAND> inherits the environment from the B<acmeman> process, with the
following additional variables:
=over 8
=item ACMEMAN_CERTIFICATE_COUNT
A special directory should be configured for receiving ACME challenges.
The package provides two Apache macros: for serving ACME challenges and
declaring SSL virtual hosts.
Upon startup the program scans the Apache configuration for virtual hosts
that use ACME certificates, checks their expiration times, and renews those
certificates that will expire within a predefined number of seconds
(24 hours by default). If any of the certificates were updated during the
run, B<acmeman> will restart the B<httpd> server.
=head3 Setup
To set up the necessary infrastructure, run B<acmeman --setup>. It will
create the configuration file B<httpd-letsencrypt.conf>, defining two
macros for SSL-enabled sites (B<mod_macro> is needed). Finally, it will
create the directory B</var/www/acme>, which will be used for receiving
and serving ACME challenges. If another directory is preferred, it can
be specified as an argument to B<acmeman --setup>.