Let's Encrypt Untangle with DNS verification

Previously, Untangle required a purchased SSL cert. Now you can do it with Let's Encrypt!

While this is unsupported by Untangle, you are unlikely to break anything permanently. Just follow each step and double-check the commands. We have installed it on dozens of clients’ UVMs and not had a problem yet.

The only issue we have with DNS validation is that we have to manually run steps 3 through 8 every 90 days when the certificate expires.

1. Install Git, if you haven’t already.
apt install git

2. Clone and install acme.sh
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
./acme.sh --install

3. Stop Apache and create the certificate.
service apache2 stop
./acme.sh --issue -d YOUR-DOMAIN-HERE --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

4. Add a DNS TXT Record to your domain. You will see instructions in the console.

5. Renew the Cert after the DNS records are in place.
./acme.sh --issue -d YOUR-DOMAIN-HERE --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please --renew

6. Concatenate the new cert into Apache format.
cd /root/.acme.sh/YOUR-DOMAIN-HERE
cat YOUR-DOMAIN-HERE.cer YOUR-DOMAIN-HERE.key > apache2.pem
sudo cp apache2.pem /etc/apache2/ssl/apache2.pem

7. Change CERT location in Apache configuration
sudo nano /etc/apache2/sites-enabled/uvm.conf

At the bottom, replace SSLCertificateFile /etc/apache2/ssl/apache.pem with SSLCertificateFile /etc/apache2/ssl/apache2.pem

8. Start Apache
service apache2 start

If Apache fails to start, tail the log and see what is happening.
tail /var/log/apache2/error.log
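
A check worth running between steps 6 and 8, as an added example that is not part of the original post: it confirms that the certificate and private key concatenated into apache2.pem belong together, that the certificate is not close to expiry, and that the file (which contains the private key) is not accessible to group or other. The function name, exit codes, 30-day threshold and the assumption that only root needs to read the bundle are illustrative.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check the bundle from
# step 6 before step 8. The function name and exit codes are illustrative.
# Usage: sh check_bundle.sh /etc/apache2/ssl/apache2.pem [min_days]

check_bundle() {
    pem=$1
    min_days=${2:-30}   # assumed threshold; the post renews every 90 days

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Public key of the first certificate in the bundle.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "no certificate found in $pem" >&2; return 3; }

    # Public key derived from the private key in the same file.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) ||
        { echo "no private key found in $pem" >&2; return 4; }

    # A mismatch means the .cer and .key come from different issuances.
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match" >&2; return 5; }

    # -checkend exits non-zero if the cert expires within the given seconds.
    openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 6; }

    # The bundle holds the private key: group/other should have no access
    # (assumes only root needs to read it).
    perms=$(ls -ld "$pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "$pem is accessible to group/other" >&2; return 7; }

    echo "$pem: certificate and key match, valid for more than $min_days days"
}

if [ "$#" -gt 0 ]; then
    check_bundle "$@"
fi
```

A non-zero exit code identifies which check failed; code 5 in particular is the case where Apache would refuse to start in step 8.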
