'dehydrated'

Some notes about dehydrated.

Generating a certificate for a remote server

When generating a certificate (dehydrated -c [-x]) on one server (a.example.com) for another server (b.example.com), the second one must redirect the /.well-known/acme-challenge URL to the first one.

For example, if you use NGINX, you should have, on server a.example.com, a configuration file with the following content:

location ^~ /.well-known/acme-challenge {
	auth_basic "off";
	alias /var/lib/dehydrated/acme-challenges;
}

For server b.example.com, the counterpart will then look like:

location ^~ /.well-known/acme-challenge {
	auth_basic "off";
	proxy_pass http://a.example.com/.well-known/acme-challenge;
}

The /etc/dehydrated/domains.txt file of server a.example.com has to contain both servers, of course.

Once the certificate(s) are generated, you have to copy the /var/lib/dehydrated folder from server a.example.com to server b.example.com (not tested yet…).
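
A pre-flight check for the setup above, as an added example (not part of dehydrated or of the original notes): run on a.example.com before dehydrated -c, it writes a probe file into the challenge directory and confirms that every host name serves it back over plain HTTP. The function name check_challenge_path and the FETCH override are assumptions of this example; the directory and host names are the ones used above.

```sh
#!/bin/sh
# Added example, not part of dehydrated.
# FETCH is the command used to retrieve a URL; override it if curl is not available.
FETCH="${FETCH:-curl -fsSL --max-time 10}"

# check_challenge_path WELLKNOWN_DIR HOST...
# Returns 0 only if every HOST serves a probe file created in WELLKNOWN_DIR,
# 1 if at least one host does not, 2 if the probe file cannot be created.
check_challenge_path() {
	dir=$1; shift
	probe=$(mktemp "$dir/probe.XXXXXX") || return 2
	chmod 644 "$probe"          # mktemp creates mode 0600; the web server must be able to read it
	name=${probe##*/}           # random file name, used as the challenge "token"
	token="probe:$name:$$"      # content that only this run knows
	printf '%s' "$token" > "$probe"
	rc=0
	for host in "$@"; do
		# Plain HTTP on purpose: this is the path the http-01 validation requests.
		body=$($FETCH "http://$host/.well-known/acme-challenge/$name" 2>/dev/null) || body=
		if [ "$body" = "$token" ]; then
			echo "ok   $host"
		else
			echo "FAIL $host: challenge path does not reach $dir" >&2
			rc=1
		fi
	done
	rm -f "$probe"              # never leave probe files in the challenge directory
	return $rc
}

# When run as a script, for example:
#   ./check.sh /var/lib/dehydrated/acme-challenges a.example.com b.example.com
if [ "$#" -ge 2 ]; then
	check_challenge_path "$@"
fi
```

A FAIL for b.example.com while a.example.com is ok points at the proxy_pass location on b; a FAIL for both points at the alias or at file permissions on a.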