Additional documentation for the unifi example.

This commit is contained in:
David Kerr 2017-02-12 18:08:17 -05:00
parent 6f4abe95cb
commit 76c1ed6628

View File

@ -143,7 +143,21 @@ export ACME_DEPLOY_SSH_REMOTE_CMD="openssl pkcs12 -export \
acme.sh --deploy -d unifi.example.com --deploy-hook ssh acme.sh --deploy -d unifi.example.com --deploy-hook ssh
``` ```
Note how in this exmple we execute several commands on the remote host In this exmple we execute several commands on the remote host
after the certificate files have been copied... to generate a pkcs12 file after the certificate files have been copied... to generate a pkcs12 file
compatible with Unifi, to import it into the Unifi keystore and then finaly compatible with Unifi, to import it into the Unifi keystore and then finaly
to restart the service. to restart the service.
Note also that once the certificate is imported
into the keystore the individual certificate files are no longer
required. We could if we desired delete those files immediately. If we
do that then we should disable backup at the remote host (as there are
no files to backup -- they were erased during deployment). For example...
```sh
export ACME_DEPLOY_SSH_BACKUP=no
# modify the end of the remte command...
&& rm /var/lib/unifi/unifi.example.com.key \
/var/lib/unifi/unifi.example.com.cer \
/var/lib/unifi/unifi.example.com.p12 \
&& service unifi restart
```