readme fix
This commit is contained in:
parent
aeebe6c6e6
commit
483e7e7f05
1 changed files with 3 additions and 1 deletions
|
@ -58,6 +58,9 @@ acme_sh_email: ""
|
|||
You can look for every variables in the defaults folder and can set up the user, additional groups (e.g. if you want to use this with Docker), paths. It is important that every cert got an own folder and all of files stored here.
|
||||
|
||||
Hooks are different shell scripts to make easier to manage or modify them later. The acme.sh by default stores the hooks in base64 format in the config, however it is hard to determine that it is changed and this workaround makes easier to modify or debug it.
|
||||
> Hooks run only when acme.sh issues it, E.G. on a success cert creation or renew. So it is important to create the directory if you move the newly created keys.
|
||||
For example if you use [docker-nginx-proxy-with-nginx-gen](https://repo.theadam.eu/ansible-roles/docker-nginx-proxy-with-nginx-gen), make sure that nginx role runs before acme role, as it sets up the directory. And if you copy the certs into the nginx, it is important that the folder exists. An example for this, that copy fullchain.cer as your domain.com.crt and domain.com.key as domain.com.key to the Nginx certs. See more info about nginx-proxy docker-gen SSL handling [here](https://github.com/nginx-proxy/nginx-proxy/tree/main/docs#ssl-support).
|
||||
|
||||
|
||||
It is a good practice to create new user with the role for acme.sh. You can add it to Docker group or give limited sudo privileges so a possible attack can make harder to impact your server negative.
|
||||
|
||||
|
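Review bot: The nginx paragraph ends with "An example for this, that copy fullchain.cer as your domain.com.crt and domain.com.key as domain.com.key to the Nginx certs", but no example follows it in the visible lines. Either add the hook snippet directly after that sentence or reword it as a plain description. Because that hook copies a private key, the README should also state the owner and file mode expected on the copied domain.com.key. In the last paragraph, "limited sudo privileges" should name the commands the acme.sh user is allowed to run, since adding the user to the Docker group, offered there as the alternative, is a much broader grant. Wording: "every variables" should be "all variables", and "every cert got an own folder" should be "every cert gets its own folder".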
@ -65,4 +68,3 @@ It is a good practice to create new user with the role for acme.sh. You can add
|
|||
- Avoid resetting the default CA on every run
|
||||
- Set up notification system of acme.sh
|
||||
- Reconnect after adding acme to groups to avoid possible access denied problems
|
||||
|
||||
|
|
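Review bot: The item "Reconnect after adding acme to groups to avoid possible access denied problems" describes a failure users can hit today, so it should not be documented only as an open task. Until it is implemented, add a sentence telling users that the first run after the group change may fail with access denied and that a new session or a second run is needed. If the role is driven by Ansible, a `meta: reset_connection` task after the group change is the usual way to close this item. The same applies to "Avoid resetting the default CA on every run": the README should say that the current behaviour overrides a CA the user has chosen manually.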