This repository contains a wrapper script that makes it easier to use the Electronic Frontier Foundation's (EFF's) Certbot with TRUSTZONE's ACME Pro GlobalSign server. This wrapper is a fork of ZEROSSL's zerossl-bot.
Install the tz-bot script
- Quick:
  - Run: `bash <(wget -q -O - https://github.com/mattTrustzone/tz-bot/raw/master/get-tzbot.sh)`
  - Done!
- Careful:
  - Run: `wget -q -O - https://github.com/mattTrustzone/tz-bot/raw/master/get-tzbot.sh > get-tzbot.sh`
  - Inspect the file to see that it does what it is supposed to do
  - Run: `source get-tzbot.sh`
- Download via portal:
  - A zipped tar file of tz-bot can be downloaded in your TRUSTZONE customer portal
  - Unzip and copy the tz-bot folder to your desired endpoint.
  - Run: `source get-tzbot.sh`
To use the TrustZone ACME server, run tz-bot instead of certbot.
When prompted, provide your EAB KID (KeyID) and EAB HMAC Key (ACME MAC).

    sudo tz-bot certonly --standalone -d mydomain.example.com
    sudo tz-bot --apache -d myotherdomain.example.com
    sudo tz-bot --apache -d mythirddomain.example.com

Ensure the correct ACME server URL is used (--server flag):

    sudo tz-bot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.secrets/cloudflare-api-token \
      --dns-cloudflare-propagation-seconds 60 -d fourth.example.com \
      --server https://emea.acme.atlas.globalsign.com/directory

Issues have been reported with the certbot interactive prompt causing Let's Encrypt certificates to be issued instead of GlobalSign certificates. It is recommended to pass parameters directly using the documented flags.
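
To catch the wrong-issuer problem described above after the fact, the following added example (not part of tz-bot or its repository) audits which ACME server each certbot lineage was issued from. It assumes certbot's default renewal configs in /etc/letsencrypt/renewal, which record the directory URL as a `server = ...` line; the function names and the sample configs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not part of tz-bot): report which ACME server each certbot
# lineage was issued from, to catch certificates that came from Let's Encrypt.
# Assumption: certbot's default renewal configs (/etc/letsencrypt/renewal/*.conf)
# record the directory URL as "server = <url>" under [renewalparams].

EXPECTED_SERVER="https://emea.acme.atlas.globalsign.com/directory"  # from this README

# Print the ACME directory URL recorded in one renewal config (empty if none).
acme_server_of() {
    sed -n 's/^[[:space:]]*server[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1 | tr -d '\r'
}

# Print "OK|MISMATCH|UNKNOWN <lineage> <server>" for every config in dir $1.
# Returns 0 only if all lineages use EXPECTED_SERVER, 1 otherwise, 2 if none found.
audit_renewal_dir() {
    local dir conf name server rc
    dir="${1:-/etc/letsencrypt/renewal}"; rc=0
    for conf in "$dir"/*.conf; do
        [ -e "$conf" ] || { echo "no renewal configs in $dir" >&2; return 2; }
        name="$(basename "$conf" .conf)"
        server="$(acme_server_of "$conf")"
        if [ -z "$server" ]; then
            printf '%-8s %s %s\n' UNKNOWN "$name" "(no server line)"; rc=1
        elif [ "$server" = "$EXPECTED_SERVER" ]; then
            printf '%-8s %s %s\n' OK "$name" "$server"
        else
            printf '%-8s %s %s\n' MISMATCH "$name" "$server"; rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed sample configs (not real certbot output); runs offline.
demo() {
    local tmp rc
    tmp="$(mktemp -d)"; rc=0
    printf '[renewalparams]\nauthenticator = standalone\nserver = %s\n' \
        "$EXPECTED_SERVER" > "$tmp/mydomain.example.com.conf"
    printf '[renewalparams]\nauthenticator = apache\nserver = %s\n' \
        "https://acme-v02.api.letsencrypt.org/directory" > "$tmp/myotherdomain.example.com.conf"
    audit_renewal_dir "$tmp" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "at least one lineage was not issued via $EXPECTED_SERVER"
```

On a real host, run `sudo bash -c 'source ./audit.sh; audit_renewal_dir'` (file name assumed) so the default renewal directory is readable; a non-zero exit status makes it usable in a cron job or monitoring check.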