config BR2_PACKAGE_DEHYDRATED bool "dehydrated" depends on BR2_USE_MMU # bash select BR2_PACKAGE_BASH select BR2_PACKAGE_BUSYBOX_SHOW_OTHERS # bash select BR2_PACKAGE_LIBCURL select BR2_PACKAGE_CURL select BR2_PACKAGE_OPENSSL select BR2_PACKAGE_LIBOPENSSL_BIN if BR2_PACKAGE_LIBOPENSSL select BR2_PACKAGE_LIBRESSL_BIN if BR2_PACKAGE_LIBRESSL help Dehydrated is a client for signing certificates with an ACME-server (e.g. Let's Encrypt) implemented as a relatively simple (zsh-compatible) bash-script. This client supports both ACME v1 and the new ACME v2 including support for wildcard certificates! To use this script in Buildroot: - Create /etc/dehydrated/domains.txt - Make sure that "dehydrated -c" is called regularly, e.g. from cron. - Make sure /etc/dehydrated is writable. - Configure the webserver to export the WELLKNOWN directory (/var/www/dehydrated) as /.well-known/acme-challenge - Configure the webserver to use the certificates under /etc/dehydrated/certs/ - Register a HOOK to reload the webserver after the certificates have been renewed. You probably need to install a custom /etc/dehydrated/config with the rootfs overlay. https://github.com/lukas2511/dehydrated