linux:ubuntu:certbot [2018/01/08 09:49] – lunetikk | linux:ubuntu:certbot [2018/12/13 09:28] (current) – [nginx] lunetikk |
---|
| |
===== Installation ===== | ===== Installation ===== |
| |
Good guide for nginx config and cronjob for auto renew | |
[[https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8]] | |
| |
<code> | <code> |
| |
==== nginx ==== | ==== nginx ==== |
| |
| Good guide for nginx config and cronjob for auto renew\\ |
| [[https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8]] |
| |
| |
Create "/etc/nginx/letsencrypt/letsencrypt.conf" with the following | Create "/etc/nginx/letsencrypt/letsencrypt.conf" with the following |
<code>include /etc/nginx/letsencrypt/letsencrypt.conf;</code> | <code>include /etc/nginx/letsencrypt/letsencrypt.conf;</code> |
| |
Create a folder for challanges | Create a folder for challenges |
<code>mkdir -p /usr/local/nginx/html/letsencrypt/.well-known/acme-challenge</code> | <code>mkdir -p /usr/local/nginx/html/letsencrypt/.well-known/acme-challenge</code> |
| |
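Review bot: The step 'Create "/etc/nginx/letsencrypt/letsencrypt.conf" with the following' is followed in both revisions by "include /etc/nginx/letsencrypt/letsencrypt.conf;", which is the directive that pulls that file into a server block, not the contents of the file. The page never shows what goes into letsencrypt.conf, so a reader following it ends up with an include of a file they cannot write. Show the file's contents under this step (presumably the location that serves the acme-challenge folder created in the next step, matching the -w webroot used in the Commands table) and move the include line to the vhost instructions.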
</code> | </code> |
| |
| ==== nginx ==== |
| Add to your vhost config |
| <code> |
| ssl_certificate /etc/letsencrypt/live/lunetikk.de/fullchain.pem; |
| ssl_certificate_key /etc/letsencrypt/live/lunetikk.de/privkey.pem; |
| ssl_trusted_certificate /etc/letsencrypt/live/lunetikk.de/fullchain.pem; |
| </code> |
| |
| ==== apache2 ==== |
Add to your vhost config | Add to your vhost config |
<code> | <code> |
SSLCertificateChainFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem | SSLCertificateChainFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem |
</code> | </code> |
| |
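Review bot: In the added nginx vhost block, ssl_trusted_certificate points at fullchain.pem, the same file as ssl_certificate, and the block shows no ssl_stapling directives. nginx uses ssl_trusted_certificate to verify OCSP responses (and client certificates), so as written the line has no visible purpose; either drop it or add "ssl_stapling on;" and "ssl_stapling_verify on;" and point it at chain.pem from the same live directory. The apache2 block under the new heading lists only SSLCertificateChainFile, with no SSLCertificateFile or SSLCertificateKeyFile, while the nginx block names both certificate and key; list them for apache2 as well (fullchain.pem and privkey.pem), and note that SSLCertificateChainFile is deprecated since Apache 2.4.8, where SSLCertificateFile accepts the full chain. The new revision also now has two sections titled "nginx"; give the second a distinct title so section links stay unambiguous.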
| ===== Automation ===== |
| |
| Create a script for automation |
| |
| <code> |
| #!/bin/bash |
| /usr/bin/certbot renew --renew-hook "service apache2 reload" > /var/log/certbot-renew.log |
| mail -s "CERTBOT Renewals" <YOURMAILADDRESS> < /var/log/certbot-renew.log |
| DATE=`date +%Y-%m-%d` |
| mv /var/log/certbot-renew.log /var/log/certbot-renew_%DATE.log |
| exit 0 |
| </code> |
| |
| Add to your crontab |
| |
| <code>@daily /bin/certbotrenew.sh</code> |
| |
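Review bot: In the added renewal script, the mv line uses "%DATE", which bash does not expand, so every run moves the log to a file literally named certbot-renew_%DATE.log and overwrites the previous day's copy; it should be "$DATE" (or "${DATE}"). The redirect on the certbot line captures stdout only, so error output from a failed renewal never reaches the mailed log; use "> /var/log/certbot-renew.log 2>&1". The hook reloads apache2 only, although this page also documents an nginx setup, so nginx users would keep serving the old certificate until the next manual reload; mention "service nginx reload" as the alternative (newer certbot releases call this option --deploy-hook). The crontab entry runs /bin/certbotrenew.sh, but the "Create a script" step does not say where to save the script or that it must be made executable; add the path and a chmod step.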
===== Commands ===== | ===== Commands ===== |
| |
^ Command ^ Function ^ | ^ Command ^ Function ^ |
| certbot certonly --webroot --agree-tos --no-eff-email --email <mail> -w /usr/local/nginx/html/letsencrypt -d <www.domain.de> -d <domain.de> | Obtain or renew a certificate | | | %%certbot certonly --webroot --agree-tos --no-eff-email --email <mail> -w /usr/local/nginx/html/letsencrypt -d <www.domain.de> -d <domain.de>%% | Obtain or renew a certificate | |
| certbot renew | Renew all previously obtained certificates that are near expiry | | | certbot renew | Renew all previously obtained certificates that are near expiry | |
| certbot certonly --dry-run | Test "renew" or "certonly" without saving any certificates to disk | | | %%certbot certonly --dry-run%% | Test "renew" or "certonly" without saving any certificates to disk | |
| certbot certificates | Display information about certificates you have from Certbot | | | certbot certificates | Display information about certificates you have from Certbot | |
| certbot revoke | Revoke a certificate (supply --cert-path) | | | certbot revoke | Revoke a certificate (supply --cert-path) | |
| certbot delete | Delete a certificate | | | certbot delete | Delete a certificate | |
| |