Lunetikk's IT Wiki

User Tools

Site Tools

You are here: start » linux » ubuntu » certbot
Trace:
linux:ubuntu:certbot

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
linux:ubuntu:certbot [2018/01/08 09:49] lunetikklinux:ubuntu:certbot [2018/12/13 09:28] (current) – [nginx] lunetikk
Line 3: Line 3:
  
 ===== Installation ===== ===== Installation =====
- 
-Good guide for nginx config and cronjob for auto renew 
-[[https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8]] 
  
 <code> <code>
Line 17: Line 14:
  
 ==== nginx ==== ==== nginx ====
 +
 +Good guide for nginx config and cronjob for auto renew\\
 +[[https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8]]
 +
  
 Create "/etc/nginx/letsencrypt/letsencrypt.conf" with the following Create "/etc/nginx/letsencrypt/letsencrypt.conf" with the following
Line 30: Line 31:
 <code>include /etc/nginx/letsencrypt/letsencrypt.conf;</code> <code>include /etc/nginx/letsencrypt/letsencrypt.conf;</code>
  
-Create a folder for challanges+Create a folder for challenges
 <code>mkdir -p /usr/local/nginx/html/letsencrypt/.well-known/acme-challenge</code> <code>mkdir -p /usr/local/nginx/html/letsencrypt/.well-known/acme-challenge</code>
  
Line 43: Line 44:
 </code> </code>
  
 +==== nginx ==== 
 +Add to your vhost config
 +<code>
 +ssl_certificate /etc/letsencrypt/live/lunetikk.de/fullchain.pem;
 +ssl_certificate_key /etc/letsencrypt/live/lunetikk.de/privkey.pem;
 +ssl_trusted_certificate /etc/letsencrypt/live/lunetikk.de/fullchain.pem;
 +</code>
 +
 +==== apache2 ==== 
 Add to your vhost config Add to your vhost config
 <code> <code>
Line 49: Line 59:
 SSLCertificateChainFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem SSLCertificateChainFile /etc/letsencrypt/live/lunetikk.de/fullchain.pem
 </code> </code>
 +
 +===== Automation =====
 +
 +Create a script for automation
 +
 +<code>
 +#!/bin/bash
 +/usr/bin/certbot renew --renew-hook "service apache2 reload" > /var/log/certbot-renew.log
 +mail -s "CERTBOT Renewals" <YOURMAILADDRESS> < /var/log/certbot-renew.log
 +DATE=`date +%Y-%m-%d`
 +mv /var/log/certbot-renew.log /var/log/certbot-renew_%DATE.log
 +exit 0
 +</code>
 +
 +Add to your crontab
 +
 +<code>@daily /bin/certbotrenew.sh</code>
  
 ===== Commands ===== ===== Commands =====
  
 ^  Command  ^  Function  ^ ^  Command  ^  Function  ^
-|  certbot certonly --webroot --agree-tos --no-eff-email --email <mail> -w /usr/local/nginx/html/letsencrypt -d <www.domain.de> -d <domain.de>  |  Obtain or renew a certificate  |+|  %%certbot certonly --webroot --agree-tos --no-eff-email --email <mail> -w /usr/local/nginx/html/letsencrypt -d <www.domain.de> -d <domain.de>%%   Obtain or renew a certificate  |
 |  certbot  renew  |  Renew all previously obtained certificates that are near expiry  | |  certbot  renew  |  Renew all previously obtained certificates that are near expiry  |
-|  certbot certonly --dry-run  |  Test "renew" or "certonly" without saving any certificates to disk  |+|  %%certbot certonly --dry-run%%   Test "renew" or "certonly" without saving any certificates to disk  |
 |  certbot certificates  |  Display information about certificates you have from Certbot  | |  certbot certificates  |  Display information about certificates you have from Certbot  |
 |  certbot revoke  |  Revoke a certificate (supply --cert-path)  | |  certbot revoke  |  Revoke a certificate (supply --cert-path)  |
 |  certbot delete  |  Delete a certificate  | |  certbot delete  |  Delete a certificate  |
  
linux/ubuntu/certbot.1515401357.txt.gz · Last modified: 2018/01/08 09:49 (external edit)

Page Tools

Impressum Datenschutz
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki