servers:bsd:nginx:lets_encrypt
This is an old revision of the document!
Table of Contents
Information
Prerequisites
Dependencies
su -
pkg install 'py311-certbot'
Settings
Set email- TODO:
chat
su -
mkdir -p '/usr/local/etc/letsencrypt' && ee '/usr/local/etc/letsencrypt/cli-custom.ini'
verbose = "true" max-log-backups = "0" text = "true" non-interactive = "true" standalone = "true" force-renewal = "true" agree-tos = "true" ######################################## email = espionage724@x ######################################## no-eff-email = "true" rsa-key-size = "4096" redirect = "true" hsts = "true" uir = "true" staple-ocsp = "false" key-type = "ecdsa" elliptic-curve = "secp384r1" domains = "realmofespionage.xyz, wiki.realmofespionage.xyz, media.realmofespionage.xyz, blog.realmofespionage.xyz, social.realmofespionage.xyz, forums.realmofespionage.xyz, status.realmofespionage.xyz, files.realmofespionage.xyz, test.realmofespionage.xyz" # End
Obtain Certs
- If it passes the dry run, remove the
--dry-runargument and re-run
su -
certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --dry-run
Scripts
Renewal
mkdir -p ~/'.local/scripts/www/certbot' && ee ~/'.local/scripts/www/certbot/certbot-renewal.sh' && chmod +x ~/'.local/scripts/www/certbot/certbot-renewal.sh'
#!/bin/sh cd '/tmp' '/usr/sbin/service' 'nginx' stop '/usr/local/bin/certbot' 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --quiet '/usr/sbin/service' 'nginx' start # End
su 'root' -c ~/'.local/scripts/www/certbot/certbot-renewal.sh'
cron
Renewal
- Weekly (Sunday)
07:00:00 AM
su -
ee '/etc/cron.d/certbot-renewal'
# SHELL=/bin/sh 0 7 * * sun root '/home/espionage724/.local/scripts/www/certbot/certbot-renewal.sh' # End
/usr/local/www/wiki/data/attic/servers/bsd/nginx/lets_encrypt.1772654062.txt.gz · Last modified: by Sean Rhone