1config BR2_PACKAGE_DEHYDRATED 2 bool "dehydrated" 3 depends on BR2_USE_MMU # bash 4 select BR2_PACKAGE_BASH 5 select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # bash 6 select BR2_PACKAGE_LIBCURL 7 select BR2_PACKAGE_LIBCURL_CURL 8 select BR2_PACKAGE_OPENSSL 9 select BR2_PACKAGE_LIBOPENSSL_BIN if BR2_PACKAGE_LIBOPENSSL 10 select BR2_PACKAGE_LIBRESSL_BIN if BR2_PACKAGE_LIBRESSL 11 help 12 Dehydrated is a client for signing certificates with an 13 ACME-server (e.g. Let's Encrypt) implemented as a relatively 14 simple (zsh-compatible) bash-script. This client supports 15 both ACME v1 and the new ACME v2 including support for 16 wildcard certificates! 17 18 To use this script in Buildroot: 19 - Create /etc/dehydrated/domains.txt 20 - Make sure that "dehydrated -c" is called regularly, e.g. 21 from cron. 22 - Make sure /etc/dehydrated is writable. 23 - Configure the webserver to export the WELLKNOWN directory 24 (/var/www/dehydrated) as /.well-known/acme-challenge 25 - Configure the webserver to use the certificates under 26 /etc/dehydrated/certs/<domain> 27 - Register a HOOK to reload the webserver after the 28 certificates have been renewed. 29 30 You probably need to install a custom /etc/dehydrated/config 31 with the rootfs overlay. 32 33 https://github.com/lukas2511/dehydrated 34