Here I have two files, one is mydomain.com.key (private key) and one is mydomain.com.crt (origin certificate). Do I need these two files? It seems like the script uses .pem file and I'm not sure if its my mydomain.com.key file.Correct. You'd download the origin cert and install it in the jail.
Also I need to mod these commands below?
Code:
iocage exec ${JAIL_NAME} mkdir -p /usr/local/etc/pki/tls/certs/ iocage exec ${JAIL_NAME} mkdir -p /usr/local/etc/pki/tls/private/ iocage exec ${JAIL_NAME} touch /usr/local/etc/pki/tls/private/privkey.pem iocage exec ${JAIL_NAME} chmod 600 /usr/local/etc/pki/tls/private/privkey.pem iocage exec ${JAIL_NAME} curl https://get.acme.sh -o /tmp/get-acme.sh iocage exec ${JAIL_NAME} sh /tmp/get-acme.sh iocage exec ${JAIL_NAME} rm /tmp/get-acme.sh # Issue certificate. If standalone mode is selected, issue directly, otherwise call external script to issue cert via DNS validation if [ $STANDALONE_CERT -eq 1 ]; then iocage exec ${JAIL_NAME} /root/.acme.sh/acme.sh --issue ${TEST_CERT} --home "/root/.acme.sh" --standalone -d ${HOST_NAME} -k 4096 --fullchain-file /usr/local/etc/pki/tls/certs/fullchain.pem --key-file /usr/local/etc/pki/tls/private/privkey.pem --reloadcmd "service apache24 reload" elif [ $DNS_CERT -eq 1 ]; then iocage exec ${JAIL_NAME} /mnt/configs/acme_dns_issue.sh fi
Thanks.