Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

  1. Add-ons
  2. dehydrated

dehydrated

New add-on as of Core Update 125.

Dehydrated is a client for signing certificates with a Let’s Encrypt server implemented as a relatively simple bash-script.

It uses the openssl utility for everything related to actually handling keys and certificates, so you need to have that installed.

Current features:

  • Signing of a list of domains
  • Signing of a CSR
  • Renewal if a certificate is about to expire or SAN (subdomains) changed
  • Certificate revocation

Installation

Dehydrated can be installed with the Pakfire web interface or via the console:

pakfire install dehydrated

Configuration

The dehydrated configuration file is located at /etc/dehydrated/config.

[root@ipfire]# cat /etc/dehydrated/config
########################################################
# This is the main config file for dehydrated          #
#                                                      #
# This file is looked for in the following locations:  #
# $SCRIPTDIR/config (next to this script)              #
# /usr/local/etc/dehydrated/config                     #
# /etc/dehydrated/config                               #
# ${PWD}/config (in current working-directory)         #
#                                                      #
# Default values of this config are in comments        #
########################################################

# Which user should dehydrated run as? This will be implictly enforced when running as root
#DEHYDRATED_USER= . . .

Usage

There is no web interface for this Addon. To run this Addon open the client console or terminal and access the IPFire box via SSH.

To obtain a list of possible commands and parameters:
dehydrated

The output is similar to this:

Usage: /usr/bin/dehydrated [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...
Default command: help
Commands:
 --version (-v)                   Print version information
 --register                       Register account key
 --account                        Update account contact information
 --cron (-c)                      Sign/renew non-existent/changed/expiring certificates.
 --signcsr (-s) path/to/csr.pem   Sign a given CSR, output CRT on stdout (advanced usage)
 --revoke (-r) path/to/cert.pem   Revoke specified certificate
 --cleanup (-gc)                  Move unused certificate files to archive directory
 --help (-h)                      Show help text
 --env (-e)                       Output configuration variables for use in other scripts
 . . .
Edit Page ‐ Yes, you can edit!

Older Revisions • October 17 at 12:24 am • Jon