...
| Code Block |
|---|
openssl req -new -nodes -keyout "/etc/pki/tls/private/repo.nmsprime.com.key" -subj "/" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:konferenz.nmsprime.com,DNS:repo.nmsprime.com,DNS:repo.roetzer-engineering.com,DNS:support.nmsprime.com,DNS:www.konferenz.nmsprime.com,DNS:conference.nmsprime.com,DNS:www.conference.nmsprime.com,DNS:repo.nmsprime.com")) -out "/var/lib/acme/csr/repo.nmsprime.com.csr" |
If you would like to change the default seven days validity check of acme-tiny to e.g. 14 days (i.e. acme-tiny should try renewing the certificate two weeks before the end of the current validity time) run the following commands to create a systemd drop-in, which will survive updates to the package acme-tiny:
| Code Block |
|---|
|
mkdir -p /etc/systemd/system/acme-tiny.service.d
echo $'[Service]\nExecStart=\nExecStart=/usr/libexec/acme-tiny/sign 14' > /etc/systemd/system/acme-tiny.service.d/check-validity.conf
systemctl daemon-reload |