From d527e9ad55809f37d3107fc89a2210c25627a573 Mon Sep 17 00:00:00 2001
From: Dimitri Sokolyuk
Date: Thu, 25 Feb 2016 23:29:50 +0100
Subject: Cleanup
---
acme.conf | 37 --------------------------------
acme.dot | 29 -------------------------
acme.toml | 60 ----------------------------------------------------
acme.yaml | 23 --------------------
cmd/acme/dim13.hcl | 53 ----------------------------------------------
cmd/acme/dim13.toml | 41 -----------------------------------
cmd/acme/docker.hcl | 43 -------------------------------------
cmd/acme/docker.toml | 38 ---------------------------------
doc/acme.dot | 29 +++++++++++++++++++++++++
doc/acme.yml | 23 ++++++++++++++++++++
10 files changed, 52 insertions(+), 324 deletions(-)
delete mode 100644 acme.conf
delete mode 100644 acme.dot
delete mode 100644 acme.toml
delete mode 100644 acme.yaml
delete mode 100644 cmd/acme/dim13.hcl
delete mode 100644 cmd/acme/dim13.toml
delete mode 100644 cmd/acme/docker.hcl
delete mode 100644 cmd/acme/docker.toml
create mode 100644 doc/acme.dot
create mode 100644 doc/acme.yml
diff --git a/acme.conf b/acme.conf
deleted file mode 100644
index b05faf3..0000000
--- a/acme.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-# global settings
-set geracetime 1 week
-listen on lo port 8443
-
-# provider definitions
-provider lev1 https://acme-v01.api.letsencrypt.org/directory
-provider les https://acme-staging.api.letsencrypt.org/directory default
-
-# account definitions
-account webmaster@example.com key /etc/webmaster.key default
-account mailmaster@example.com key /etc/mailmaster.key phone +12025551212
-
-# hook definitions
-hook nginx "doas /etc/rc.d/nginx reload"
-hook dovecot "doas /etc/rc.d/dovecot reload"
-hook smtpd "doas /etc/rc.d/smtpd reload"
-
-# desire definitions
-# full example
-desire { www.example.com, example.com, www2.example.com } from les \
- as webmaster@example.com \
- key /etc/ssl/private/www_example_com.key \
- cert /etc/ssl/cert/www_example_com.pem \
- webroot /var/www/htdocs \
- hook nginx
-
-# desire with prefix www implies altname without www
-# short example, with default provider and account
-desire www.example.net \
- key /etc/ssl/private/www_example_net.key \
- cert /etc/ssl/cert/www_example_net.pem
-
-desire mail.example.com from les \
- as mailmaster@example.com \
- key /etc/ssl/private/mail_example_com.key \
- cert /etc/ssl/cert/mail_example_com.pem \
- hook { dovecot, smtpd }
diff --git a/acme.dot b/acme.dot
deleted file mode 100644
index 78aeb12..0000000
--- a/acme.dot
+++ /dev/null
@@ -1,29 +0,0 @@
-digraph acme {
- rankdir = LR;
- node [ shape = box ];
-
- edge [ style = dotted ];
- "directory" -> "new-reg";
- "directory" -> "new-authz";
- "directory" -> "new-cert";
- "directory" -> "revoke-cert";
-
- edge [ style = solid, label = "Location" ];
- "new-reg" -> "reg";
- "new-authz" -> "authz";
- "authz" -> "challenge";
- "new-cert" -> "cert";
-
- edge [ style = dashed, label = "next" ];
- "new-reg" -> "new-authz";
- "reg" -> "new-authz";
- "new-authz" -> "new-cert";
- "authz" -> "new-cert";
-
- edge [ label = "up" ];
- "cert" -> "cert-chain";
- "challenge" -> "authz";
-
- edge [ label = "revoke" ];
- "cert" -> "revoke-cert";
-}
diff --git a/acme.toml b/acme.toml
deleted file mode 100644
index 222e474..0000000
--- a/acme.toml
+++ /dev/null
@@ -1,60 +0,0 @@
-[defaults]
-gracetime = "168h" # 1 week
-listen = "localhost:8443"
-basedir = ".acme" # usually "/etc/ssl"
-provider = "les"
-account = "webmaster"
-keysize = 2048 # default key size
-
-#[provider.lev1]
-#directory = "https://acme-v01.api.letsencrypt.org/directory"
-
-[provider.les]
-directory = "https://acme-staging.api.letsencrypt.org/directory"
-
-[account.webmaster]
-mail = "webmaster@example.com"
-key = "private/webmaster.key"
-
-#[account.postmaster]
-#mail = "postmaster@example.com"
-#phone = "+12025551212"
-#key = "private/postmaster.key"
-
-#[account.notused]
-#mail = "notused@example.com"
-#key = "private/notused.key"
-
-[hook.nginx]
-cmd = "sudo service nginx reload"
-
-#[hook.dovecot]
-#cmd = "sudo service dovecot reload"
-
-#[hook.smtpd]
-#cmd = "sudo service smtpd reload"
-
-# long example
-[desire.com]
-provider = "les"
-account = "webmaster"
-altnames = [ "www.example.com", "example.com" ]
-key = "private/www_example_com.key"
-cert = "certs/www_example_com.pem"
-webroot = "/var/www/htdocs"
-hooks = [ "nginx" ]
-
-# short example, uses defaults
-#[desire.net]
-#altnames = [ "www.example.net" ] # www implies altname without www
-#key = "private/www_example_net.key"
-#cert = "certs/www_example_net.pem"
-#hooks = [ "nginx" ]
-
-#[desire.mail]
-#provider = "les"
-#account = "postmaster"
-#altnames = [ "mail.example.com" ]
-#key = "private/mail_example_com.key"
-#cert = "certs/mail_example_com.pem"
-#hooks = [ "dovecot", "smtpd" ]
diff --git a/acme.yaml b/acme.yaml
deleted file mode 100644
index 3ef172e..0000000
--- a/acme.yaml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-- mail: another@example.com
- key: /etc/acme.key
- provider: https://acme-staging.api.letsencrypt.org/directory
- want:
- - domain:
- - www.example.com
- - example.com
- cert: /etc/certs/www_example_com.pem
- key: /etc/private/www_example_com.key
- hook: service nginx reload
- webroot: /var/www/htdocs
- - domain: other.example.com
- cert: /etc/certs/other_example_com.pem
- key: /etc/private/other_example_com.key
-
-- mail: a.n.other@example.net
- key: /etc/another.key
- provider: https://acme-staging.api.letsencrypt.org/directory
- want:
- - domain: www.example.net
- cert: /etc/certs/www_example_net.pem
- key: /etc/private/www_example_net.key
diff --git a/cmd/acme/dim13.hcl b/cmd/acme/dim13.hcl
deleted file mode 100644
index 71295dd..0000000
--- a/cmd/acme/dim13.hcl
+++ /dev/null
@@ -1,53 +0,0 @@
-defaults {
- listen = "localhost:8080"
- listentls = "localhost:8443"
- basedir = "~/.acme"
- keysize = 2048
-}
-
-provider "letsencrypt" {
- directory = "https://acme-v01.api.letsencrypt.org/directory"
-}
-
-provider "letsencrypt-staging" {
- directory = "https://acme-staging.api.letsencrypt.org/directory"
-}
-
-account "webmaster" {
- mail = "webmaster@dim13.org"
- key = "private/webmaster.key"
-}
-
-account "postmaster" {
- mail = "postmaster@dim13.org"
- key = "private/postmaster.key"
-}
-
-desire "web" {
- provider = "letsencrypt"
- account = "webmaster"
- key = "private/www_dim13_org.key"
- cert = "certs/www_dim13_org.pem"
-
- altnames = [
- "www.dim13.org",
- "mail.dim13.org",
- "git.dim13.org",
- "cvs.dim13.org",
- "dim13.org",
- ]
-}
-
-desire "mail" {
- provider = "letsencrypt"
- account = "postmaster"
- key = "private/mail_dim13_org.key"
- cert = "certs/mail_dim13_org.pem"
-
- altnames = [
- "mail.dim13.org",
- "smtp.dim13.org",
- "imap.dim13.org",
- "dim13.org",
- ]
-}
diff --git a/cmd/acme/dim13.toml b/cmd/acme/dim13.toml
deleted file mode 100644
index 32446f4..0000000
--- a/cmd/acme/dim13.toml
+++ /dev/null
@@ -1,41 +0,0 @@
-[defaults]
-listen = "localhost:8080"
-listentls = "localhost:8443"
-basedir = "/home/demon/.acme"
-keysize = 2048
-
-[provider.letsencrypt]
-directory = "https://acme-v01.api.letsencrypt.org/directory"
-
-[account.webmaster]
-mail = "webmaster@dim13.org"
-key = "private/webmaster.key"
-
-[account.postmaster]
-mail = "postmaster@dim13.org"
-key = "private/postmaster.key"
-
-[desire.web]
-provider = "letsencrypt"
-account = "webmaster"
-altnames = [
- "www.dim13.org",
- "mail.dim13.org",
- "git.dim13.org",
- "cvs.dim13.org",
- "dim13.org"
-]
-key = "private/www_dim13_org.key"
-cert = "certs/www_dim13_org.pem"
-
-[desire.mail]
-provider = "letsencrypt"
-account = "postmaster"
-altnames = [
- "mail.dim13.org",
- "smtp.dim13.org",
- "imap.dim13.org",
- "dim13.org"
-]
-key = "private/mail_dim13_org.key"
-cert = "certs/mail_dim13_org.pem"
diff --git a/cmd/acme/docker.hcl b/cmd/acme/docker.hcl
deleted file mode 100644
index 80aca40..0000000
--- a/cmd/acme/docker.hcl
+++ /dev/null
@@ -1,43 +0,0 @@
-defaults {
- gracetime = "168h" # 1 week
- listen = "localhost:8080"
- listentls = "localhost:8443"
- basedir = ".acme" # usually "/etc/ssl"
- provider = "les"
- account = "webmaster"
- keysize = 2048 # default key size
-}
-
-provider "staging" {
- directory = "https://acme-staging.api.letsencrypt.org/directory"
-}
-
-account "webmaster" {
- mail = "webmaster@docker.moccu.com"
- key = "private/webmaster.key"
-}
-
-account "webmaster2" {
- mail = "webmaster@docker.moccu.com"
- key = "private/webmaster2.key"
-}
-
-desire "docker" {
- provider = "staging"
- account = "webmaster"
- altnames = ["docker.moccu.com", "test.docker.moccu.com"]
- key = "private/docker_moccu_com.key"
- cert = "certs/docker_moccu_com.pem"
-}
-
-desire "www" {
- provider = "staging"
- account = "webmaster2"
- altnames = ["www.docker.moccu.com"]
- key = "private/www_docker_moccu_com.key"
- cert = "certs/www_docker_moccu_com.pem"
-}
-
-hook "nginx" {
- cmd = "sudo service nginx reload"
-}
diff --git a/cmd/acme/docker.toml b/cmd/acme/docker.toml
deleted file mode 100644
index eb31816..0000000
--- a/cmd/acme/docker.toml
+++ /dev/null
@@ -1,38 +0,0 @@
-[defaults]
-gracetime = "168h" # 1 week
-listen = "localhost:8080"
-listentls = "localhost:8443"
-basedir = ".acme" # usually "/etc/ssl"
-provider = "les"
-account = "webmaster"
-keysize = 2048 # default key size
-
-[provider.les]
-directory = "https://acme-staging.api.letsencrypt.org/directory"
-
-[account.webmaster]
-mail = "webmaster@docker.moccu.com"
-key = "private/webmaster.key"
-
-[account.webmaster2]
-mail = "webmaster@docker.moccu.com"
-key = "private/webmaster2.key"
-
-[desire.docker]
-provider = "les"
-account = "webmaster"
-altnames = [ "docker.moccu.com", "test.docker.moccu.com" ]
-key = "private/docker_moccu_com.key"
-cert = "certs/docker_moccu_com.pem"
-#webroot = "/var/www/htdocs"
-#hooks = [ "nginx" ]
-
-[desire.www]
-provider = "les"
-account = "webmaster2"
-altnames = [ "www.docker.moccu.com" ]
-key = "private/www_docker_moccu_com.key"
-cert = "certs/www_docker_moccu_com.pem"
-
-[hook.nginx]
-cmd = "sudo service nginx reload"
diff --git a/doc/acme.dot b/doc/acme.dot
new file mode 100644
index 0000000..78aeb12
--- /dev/null
+++ b/doc/acme.dot
@@ -0,0 +1,29 @@
+digraph acme {
+ rankdir = LR;
+ node [ shape = box ];
+
+ edge [ style = dotted ];
+ "directory" -> "new-reg";
+ "directory" -> "new-authz";
+ "directory" -> "new-cert";
+ "directory" -> "revoke-cert";
+
+ edge [ style = solid, label = "Location" ];
+ "new-reg" -> "reg";
+ "new-authz" -> "authz";
+ "authz" -> "challenge";
+ "new-cert" -> "cert";
+
+ edge [ style = dashed, label = "next" ];
+ "new-reg" -> "new-authz";
+ "reg" -> "new-authz";
+ "new-authz" -> "new-cert";
+ "authz" -> "new-cert";
+
+ edge [ label = "up" ];
+ "cert" -> "cert-chain";
+ "challenge" -> "authz";
+
+ edge [ label = "revoke" ];
+ "cert" -> "revoke-cert";
+}
diff --git a/doc/acme.yml b/doc/acme.yml
new file mode 100644
index 0000000..3ef172e
--- /dev/null
+++ b/doc/acme.yml
@@ -0,0 +1,23 @@
+---
+- mail: another@example.com
+ key: /etc/acme.key
+ provider: https://acme-staging.api.letsencrypt.org/directory
+ want:
+ - domain:
+ - www.example.com
+ - example.com
+ cert: /etc/certs/www_example_com.pem
+ key: /etc/private/www_example_com.key
+ hook: service nginx reload
+ webroot: /var/www/htdocs
+ - domain: other.example.com
+ cert: /etc/certs/other_example_com.pem
+ key: /etc/private/other_example_com.key
+
+- mail: a.n.other@example.net
+ key: /etc/another.key
+ provider: https://acme-staging.api.letsencrypt.org/directory
+ want:
+ - domain: www.example.net
+ cert: /etc/certs/www_example_net.pem
+ key: /etc/private/www_example_net.key
-- cgit v1.2.3