certhub-lego-run

Synopsis

certhub-lego-run <output-cert-file> <input-csr-file> <lego-directory> <lego> [lego-run-args …]

certhub-lego-run-preferred-chain <preferred-chain> <output-cert-file> <input-csr-file> <lego-directory> <lego> [lego-run-args …]

Description

Runs the given lego binary with CSR read from <input-csr-file>. Writes the resulting certificate to the <output-cert-file>.

Note, <lego-directory> must point to the directory where lego stores account data and certificates (usually $HOME/.lego).

In order to specify the preferred-chain, use the certhub-lego-run-preferred-chain binary and specify the CN of the preferred root certificate as the first argument.

Examples

Run lego run with CSR from configuration directory. Resulting fullchain certificate is committed to the repository.

git gau-exec /var/lib/certhub/certs.git \
git gau-ac \
git gau-xargs -I{} \
certhub-message-format {}/example.com.fullchain.pem x509 \
certhub-lego-run {}/example.com.fullchain.pem /etc/certhub/example.com.csr.pem /var/lib/certhub/private/lego \
lego --accept-tos --email hello@example.com

Run lego run with CSR from configuration directory and request a certificate with the alternate/short Let’s Encrypt certificate chain. Resulting fullchain certificate is committed to the repository.

git gau-exec /var/lib/certhub/certs.git \
git gau-ac \
git gau-xargs -I{} \
certhub-message-format {}/example.com.fullchain.pem x509 \
certhub-lego-run-preferred-chain "ISRG Root X1" {}/example.com.fullchain.pem /etc/certhub/example.com.csr.pem /var/lib/certhub/private/lego \
lego --accept-tos --email hello@example.com

See Also

certhub-message-format(1)