Dehydrated is a client for signing certificates with an ACME-server (e.g. Let’s Encrypt or ZeroSSL) implemented as a relatively simple bash-script. It uses the openssl utility for everything related to actually handling keys and certificates, so you need to have that installed. Other dependencies are: cURL, sed, grep, mktemp (all found on almost any system, cURL being the only exception) ### Installation Clone the repository from their GitHub using `git clone https://github.com/lukas2511/dehydrated` on your home directory, and `cd` to it, then do the following: * `doas install -m0755 dehydrated /usr/local/sbin/dehydrated` * `doas mkdir -p /etc/dehydrated` * `doas install -m0644 docs/examples/config /etc/dehydrated/config` * `doas install -m0644 docs/examples/domains.txt /etc/dehydrated/domains.txt` * `doas install -m0755 docs/examples/hook.sh /etc/dehydrated/hook.sh` ### Setup In `/etc/dehydrated/config` uncomment CA, CHALLENGETYPE, DOMAINS_TXT, CERTDIR, ALPNCERTDIR, ACCOUNTDIR, WELLKNOWN, KEYSIZE and LOCKFILE. Replace the value of BASEDIR to `/etc/dehydrated`, WELLKNOWN to `/var/www/acme`, CONTACT_EMAIL to your team's support address, After done, you'll have to do is running `doas dehydrated --register --accept-terms` You can clear out the domains.txt file and start adding domains one-per-line on said file, SANs can be added at the side of the domain (i.e. example.com mail.example.com) To request certificates, you should have `httpd` listening on the domain in port 80 and use the same entry like with `acme-client`, then run `doas dehydrated -c` and wait until it finishes.