34 lines
1.3 KiB
Plaintext
34 lines
1.3 KiB
Plaintext
config BR2_PACKAGE_DEHYDRATED
|
|
bool "dehydrated"
|
|
depends on BR2_USE_MMU # bash
|
|
select BR2_PACKAGE_BASH
|
|
select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # bash
|
|
select BR2_PACKAGE_LIBCURL
|
|
select BR2_PACKAGE_LIBCURL_CURL
|
|
select BR2_PACKAGE_OPENSSL
|
|
select BR2_PACKAGE_LIBOPENSSL_BIN if BR2_PACKAGE_LIBOPENSSL
|
|
select BR2_PACKAGE_LIBRESSL_BIN if BR2_PACKAGE_LIBRESSL
|
|
help
|
|
Dehydrated is a client for signing certificates with an
|
|
ACME-server (e.g. Let's Encrypt) implemented as a relatively
|
|
simple (zsh-compatible) bash-script. This client supports
|
|
both ACME v1 and the new ACME v2 including support for
|
|
wildcard certificates!
|
|
|
|
To use this script in Buildroot:
|
|
- Create /etc/dehydrated/domains.txt
|
|
- Make sure that "dehydrated -c" is called regularly, e.g.
|
|
from cron.
|
|
- Make sure /etc/dehydrated is writable.
|
|
- Configure the webserver to export the WELLKNOWN directory
|
|
(/var/www/dehydrated) as /.well-known/acme-challenge
|
|
- Configure the webserver to use the certificates under
|
|
/etc/dehydrated/certs/<domain>
|
|
- Register a HOOK to reload the webserver after the
|
|
certificates have been renewed.
|
|
|
|
You probably need to install a custom /etc/dehydrated/config
|
|
with the rootfs overlay.
|
|
|
|
https://github.com/dehydrated-io/dehydrated
|