RoE | Wiki

User Tools

Site Tools

Trace: lets_encrypt
servers:bsd:nginx:lets_encrypt

Table of Contents

Information

Prerequisites

Dependencies

su -
pkg install 'py311-certbot'

Settings

  • :!: Be sure to change the email address
su -
ee '/usr/local/etc/letsencrypt/cli-custom.ini'
verbose = true
text = true
non-interactive = true
standalone = true
force-renewal = true
agree-tos = true

##########
#CHANGEME#
##########

email = espionage724@x

##########
#CHANGEME#
##########

no-eff-email = true

rsa-key-size = 4096
redirect = true
hsts = true
uir = true
staple-ocsp = false

domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz

# End

Obtain Certs

  • :!: If it passes the dry run, remove the dry-run argument and re-run 3)
su -
certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --dry-run

Temp Commands

  • TODO: service stop nginx, above no dry-run

Automatic Cert Renewal

  • TODO
1)
https://letsencrypt.org
2)
https://certbot.eff.org
3)
the dry run will likely fail the nginx restart step since the certs don't actually exist yet
/srv/www/wiki/data/pages/servers/bsd/nginx/lets_encrypt.txt · Last modified: by Sean Rhone