servers:bsd:nginx:lets_encrypt
This is an old revision of the document!
Table of Contents
Information
Prerequisites
Dependencies
su -
pkg install 'py311-certbot'
Settings
Be sure to change the email address
su -
ee '/usr/local/etc/letsencrypt/cli-custom.ini'
verbose = true text = true non-interactive = true standalone = true force-renewal = true agree-tos = true ########## #CHANGEME# ########## email = espionage724@x ########## #CHANGEME# ########## no-eff-email = true rsa-key-size = 4096 redirect = true hsts = true uir = true staple-ocsp = false domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz # End
Obtain Certs
- If it passes the dry run, remove the dry-run argument and re-run 3)
su -
certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --dry-run
Automatic Cert Renewal
- TODO
3)
the dry run will likely fail the nginx restart step since the certs don't actually exist yet
/usr/local/www/wiki/data/attic/servers/bsd/nginx/lets_encrypt.1747445948.txt.gz · Last modified: by 127.0.0.1