1*4882a593Smuzhiyunconfig BR2_PACKAGE_DEHYDRATED 2*4882a593Smuzhiyun bool "dehydrated" 3*4882a593Smuzhiyun depends on BR2_USE_MMU # bash 4*4882a593Smuzhiyun select BR2_PACKAGE_BASH 5*4882a593Smuzhiyun select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # bash 6*4882a593Smuzhiyun select BR2_PACKAGE_LIBCURL 7*4882a593Smuzhiyun select BR2_PACKAGE_LIBCURL_CURL 8*4882a593Smuzhiyun select BR2_PACKAGE_OPENSSL 9*4882a593Smuzhiyun select BR2_PACKAGE_LIBOPENSSL_BIN if BR2_PACKAGE_LIBOPENSSL 10*4882a593Smuzhiyun select BR2_PACKAGE_LIBRESSL_BIN if BR2_PACKAGE_LIBRESSL 11*4882a593Smuzhiyun help 12*4882a593Smuzhiyun Dehydrated is a client for signing certificates with an 13*4882a593Smuzhiyun ACME-server (e.g. Let's Encrypt) implemented as a relatively 14*4882a593Smuzhiyun simple (zsh-compatible) bash-script. This client supports 15*4882a593Smuzhiyun both ACME v1 and the new ACME v2 including support for 16*4882a593Smuzhiyun wildcard certificates! 17*4882a593Smuzhiyun 18*4882a593Smuzhiyun To use this script in Buildroot: 19*4882a593Smuzhiyun - Create /etc/dehydrated/domains.txt 20*4882a593Smuzhiyun - Make sure that "dehydrated -c" is called regularly, e.g. 21*4882a593Smuzhiyun from cron. 22*4882a593Smuzhiyun - Make sure /etc/dehydrated is writable. 23*4882a593Smuzhiyun - Configure the webserver to export the WELLKNOWN directory 24*4882a593Smuzhiyun (/var/www/dehydrated) as /.well-known/acme-challenge 25*4882a593Smuzhiyun - Configure the webserver to use the certificates under 26*4882a593Smuzhiyun /etc/dehydrated/certs/<domain> 27*4882a593Smuzhiyun - Register a HOOK to reload the webserver after the 28*4882a593Smuzhiyun certificates have been renewed. 29*4882a593Smuzhiyun 30*4882a593Smuzhiyun You probably need to install a custom /etc/dehydrated/config 31*4882a593Smuzhiyun with the rootfs overlay. 32*4882a593Smuzhiyun 33*4882a593Smuzhiyun https://github.com/lukas2511/dehydrated 34