servers:bsd:nginx:lets_encrypt
Table of Contents
Information
Prerequisites
Dependencies
su -
pkg install 'py311-certbot'
Settings
Set email
su -
mkdir -p '/usr/local/etc/letsencrypt' && ee '/usr/local/etc/letsencrypt/cli-custom.ini'
verbose = true text = true non-interactive = true standalone = true force-renewal = true agree-tos = true ################################################## email = espionage724@x ################################################## no-eff-email = true rsa-key-size = 4096 redirect = true hsts = true uir = true staple-ocsp = false domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, forums.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz # End
Obtain Certs
- If it passes the dry run, remove the
--dry-runargument and re-run
su -
certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --dry-run
Scripts
Renewal
mkdir -p ~/'.local/scripts/www/certbot' && ee ~/'.local/scripts/www/certbot/certbot-renewal.sh' && chmod +x ~/'.local/scripts/www/certbot/certbot-renewal.sh'
#!/bin/sh service 'nginx' stop certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --quiet service 'nginx' start # End
~/'.local/scripts/www/certbot/certbot-renewal.sh'
su 'root' -c ~/'.local/scripts/www/certbot/certbot-renewal.sh'
ssh '192.168.1.152' -t "su 'root' -c ~/'.local/scripts/www/certbot/certbot-renewal.sh'"
Automatic Cert Renewal
- TODO
/srv/www/wiki/data/pages/servers/bsd/nginx/lets_encrypt.txt · Last modified: by Sean Rhone