servers:bsd:nginx:lets_encrypt

Differences

This shows you the differences between two versions of the page.

servers:bsd:nginx:lets_encrypt [2024/11/30 11:32] – created Sean Rhone
servers:bsd:nginx:lets_encrypt [2025/05/17 17:13] (current) Sean Rhone
Line 8: Line 8:
  
   * [[bsd:server:freebsd_14.2|FreeBSD 14.2]]   * [[bsd:server:freebsd_14.2|FreeBSD 14.2]]
-  * [[servers:bsd:freenginx_php_php-fpm|freenginx + PHP + PHP-FPM]] ((Certbot doesn't necessarily require nginx; if not using nginx then port 443/tcp likely needs to be opened and pre/post-hooks/service restarting changed))+  * [[servers:bsd:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]
  
 ====== Dependencies ====== ====== Dependencies ======
  
-  su -l+  su -
  
   pkg install 'py311-certbot'   pkg install 'py311-certbot'
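Review bot: the footnote dropped from the prerequisites line (certbot does not strictly need nginx; without it, 443/tcp must be opened and the pre/post hooks and service restarts adjusted) was the only place on the page that explained why the hooks in cli-custom.ini exist, and this same revision later removes those hooks; consider carrying the footnote over to the new nginx link rather than losing it. The `su -l` to `su -` change is cosmetic: on FreeBSD su(1), `-` is the same login-shell option as `-l`.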
Line 20: Line 20:
   *  :!: Be sure to change the email address   *  :!: Be sure to change the email address
  
-  su -l+  su -
  
   ee '/usr/local/etc/letsencrypt/cli-custom.ini'   ee '/usr/local/etc/letsencrypt/cli-custom.ini'
Line 48: Line 48:
 hsts = true hsts = true
 uir = true uir = true
-staple-ocsp = true+staple-ocsp = false
  
-pre-hook = service 'nginx' stop +domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz
-post-hook = service 'nginx' start +
- +
-domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz, wow.realmofespionage.xyz+
  
 # End</code> # End</code>
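Review bot: deleting `pre-hook = service 'nginx' stop` and `post-hook = service 'nginx' start` without a replacement leaves nothing that hands a renewed certificate to the running nginx: the files under /usr/local/etc/letsencrypt are updated, but nginx keeps serving the old certificate until it is reloaded. If the hooks went because a full stop/start on every run was too disruptive, the lighter option is `deploy-hook = service nginx reload` in the same ini, which certbot runs only when a certificate was actually issued. And if the stop hook existed because certbot authenticates with the standalone plugin on port 80, a renewal with nginx still bound to :80 will fail; `authenticator = webroot` with `webroot-path` set to the nginx document root avoids the port conflict entirely. Shrinking `domains` (social, test and wow removed) is fine only if no nginx server block for those names still references this certificate, otherwise those hosts will present a certificate that does not cover them. Flipping `staple-ocsp` to false does not change anything on its own: `hsts`, `uir` and `staple-ocsp` are enhancements certbot applies through an installer plugin when it edits the web server config, and the page runs `certonly`, so the effective stapling setting is the `ssl_stapling` directive in the nginx config, not this line.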
Line 61: Line 58:
   * :!: If it passes the dry run, remove the dry-run argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))   * :!: If it passes the dry run, remove the dry-run argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))
  
-  su -l+  su -
  
   certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --dry-run   certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --dry-run
  
-====== Automatic Cert Renewal ======+===== Temp Commands =====
  
-  * :!: Everything below TODO+  * TODOservice stop nginx, above no dry-run
  
-===== Disable Existing =====+====== Automatic Cert Renewal ======
  
-**** +  TODO
- +
-  sudo systemctl disable --now 'certbot-renew' 'certbot-renew.timer' +
- +
-===== Service ===== +
- +
-  sudo -e '/etc/systemd/system/certbot-renew-custom.service' +
- +
-<code> +
-[Service] +
-Type=oneshot +
-ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet +
-ExecStartPost='/usr/bin/sync' +
- +
-# End</code> +
- +
-===== Timer ===== +
- +
-  sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now +
- +
-<code> +
-[Unit] +
-Description=Let's Encrypt Certificate Renewal +
-After=network-online.target +
-Wants=network-online.target +
- +
-[Timer] +
-OnCalendar=weekly +
-Persistent=true +
- +
-[Install] +
-WantedBy=multi-user.target +
- +
-# End</code>+
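Review bot: the unchanged footnote on the dry-run bullet ("the dry run will likely fail the nginx restart step") now describes hooks that this revision deletes from cli-custom.ini, so it should be removed or reworded; otherwise the reader waits for a failure that will not occur. In the new Temp Commands block, `TODOservice stop nginx` is missing a space, and FreeBSD's service(8) takes the script name before the action, so the command is `service nginx stop` (and `service nginx start` afterwards). Removing the systemd unit and timer is right for a FreeBSD page (there is no systemctl here), but replacing the whole Automatic Cert Renewal section with `TODO` leaves renewal unscheduled, which is the failure mode that matters most with 90-day certificates; the py311-certbot package installs a weekly periodic(8) script that is enabled with `weekly_certbot_enable="YES"` in /etc/periodic.conf (the package's pkg-message lists the hook variables it honours), which would cover renewal without the manual stop/start.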
  
/srv/www/wiki/data/attic/servers/bsd/nginx/lets_encrypt.1732984336.txt.gz · Last modified: by Sean Rhone