====== 'dehydrated' ======

Some notes about //[[https://dehydrated.io/|dehydrated]]//.

===== Generating certificate for a remote sever =====

When generating a certificate (''dehydrated -c [-x]'') on one server (//a.example.com//) for another server (//b.example.com//), the second one must redirect the ''/.well-known/acme-challenge'' URL to the first one.

For example, if you use //NGINX//, you should have, on server //a.example.com//, a configuration file with following content :

<code nginx>
location ^~ /.well-known/acme-challenge {
	auth_basic "off";
	alias /var/lib/dehydrated/acme-challenges;
}    
</code>

For server //b.example.com//, the counterpart will the look like:

<code nginx>
location ^~ /.well-known/acme-challenge {
	auth_basic "off";
	proxy_pass http://a.example.com/.well-known/acme-challenge;
}
</code>

The ''/etc/dehydrated/domains.txt'' file of server //a.example.com// have to contain both server, of course.

Once the certificate(s) generated, you have to copy the ''/var/lib/dehydrated'' folder from server //a.example.com// to server //b.example.com// (not already tested…).