Dehydrated is a client for signing certificates with an ACME-server (e.g. Let’s Encrypt or ZeroSSL) implemented as a relatively simple bash-script.

It uses the openssl utility for everything related to actually handling keys and certificates, so you need to have that installed.

Other dependencies are: cURL, sed, grep, mktemp (all found on almost any system, cURL being the only exception)

### Installation

Clone the repository from their GitHub using `git clone https://github.com/lukas2511/dehydrated` on your home directory, and `cd` to it, then do the following:

* `doas install -m0755 dehydrated /usr/local/sbin/dehydrated`

* `doas mkdir -p /etc/dehydrated`

* `doas install -m0644 docs/examples/config /etc/dehydrated/config`

* `doas install -m0644 docs/examples/domains.txt /etc/dehydrated/domains.txt`

* `doas install -m0755 docs/examples/hook.sh /etc/dehydrated/hook.sh`

### Setup

In `/etc/dehydrated/config` uncomment CA, CHALLENGETYPE, DOMAINS_TXT, CERTDIR, ALPNCERTDIR, ACCOUNTDIR, WELLKNOWN, KEYSIZE and LOCKFILE. Replace the value of BASEDIR to `/etc/dehydrated`, WELLKNOWN to `/var/www/acme`, CONTACT_EMAIL to your team's support address,  

After done, you'll have to do is running `doas dehydrated --register --accept-terms`

You can clear out the domains.txt file and start adding domains one-per-line on said file, SANs can be added at the side of the domain (i.e. example.com mail.example.com)

To request certificates, you should have `httpd` listening on the domain in port 80 and use the same entry like with `acme-client`, then run `doas dehydrated -c` and wait until it finishes.