servers:linux:nginx:lets_encrypt
Information
- Let's Encrypt
- Certbot
Prerequisites
Dependencies
sudo zypper install 'python313-certbot'
Settings
sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini'
verbose = 'true'
max-log-backups = '0'
text = 'true'
non-interactive = 'true'
standalone = 'true'
force-renewal = 'true'
agree-tos = 'true'

########################################
email = espionage724@x
########################################

no-eff-email = 'true'
rsa-key-size = '4096'
redirect = 'true'
hsts = 'true'
uir = 'true'
staple-ocsp = 'false'
key-type = 'ecdsa'
elliptic-curve = 'secp384r1'
pre-hook = systemctl stop 'nginx'
post-hook = systemctl start 'nginx'
domains = 'realmofespionage.xyz, wiki.realmofespionage.xyz, media.realmofespionage.xyz, blog.realmofespionage.xyz, social.realmofespionage.xyz, forums.realmofespionage.xyz, status.realmofespionage.xyz, files.realmofespionage.xyz, test.realmofespionage.xyz'

# End
Obtain Certs
If the dry run passes, remove the --dry-run argument and re-run the command
sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run
sudo systemctl stop 'nginx'
Automatic Cert Renewal
Service
sudo -e '/etc/systemd/system/certbot-renew-custom.service'
[Service]
Type=oneshot
WorkingDirectory=/etc/letsencrypt
ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet
ExecStartPost='/usr/bin/sync'

# End
Timer
- Weekly (Sunday)
07:00:00 AM
sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now
[Unit]
Description=Let's Encrypt Certificate Renewal
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=Sun *-*-* 07:00:00
Persistent=true

[Install]
WantedBy=multi-user.target

# End
sudo systemctl start 'certbot-renew-custom' && sudo systemctl status 'certbot-renew-custom' -l
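Post-renewal check, as an added example that is not part of the original page: it confirms the certificate on disk covers every name on the domains line of cli-custom.ini and is not close to expiry. The function names, the 14-day threshold, the example.org sample data and certbot's default /etc/letsencrypt/live/<first domain>/fullchain.pem path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): verify the renewed certificate.
# Assumption: certbot stores the lineage under /etc/letsencrypt/live/<first domain>/.

# Print the names on the "domains = ..." line of a certbot ini file ($1), one per line.
ini_domains() {
    sed -n 's/^[[:space:]]*domains[[:space:]]*=[[:space:]]*//p' "$1" |
        tr -d "'\"" | tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | sed '/^$/d'
}

# Print the DNS names found in `openssl x509 -noout -ext subjectAltName` output ($1).
san_names() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*/\1/p'
}

# Print every configured domain in ini file $1 that SAN text $2 does not cover.
missing_sans() {
    sans=$(san_names "$2")
    ini_domains "$1" | while IFS= read -r d; do
        printf '%s\n' "$sans" | grep -qxF -- "$d" || printf '%s\n' "$d"
    done
}

# Check the live certificate: SAN coverage plus at least $2 (default 14) days of validity.
check_cert() {
    ini=$1 days=${2:-14}
    cert="/etc/letsencrypt/live/$(ini_domains "$ini" | head -n 1)/fullchain.pem"
    san=$(openssl x509 -in "$cert" -noout -ext subjectAltName) || return 2
    missing=$(missing_sans "$ini" "$san")
    [ -z "$missing" ] || { echo "not covered: $missing" >&2; return 1; }
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null ||
        { echo "expires within $days days" >&2; return 1; }
}

# Constructed sample data (example.org names, not the page's domains).
SAMPLE_INI=$(mktemp)
printf '%s\n' "key-type = 'ecdsa'" "domains = 'example.org, wiki.example.org, blog.example.org'" > "$SAMPLE_INI"
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:example.org, DNS:wiki.example.org'
missing_sans "$SAMPLE_INI" "$SAMPLE_SAN"   # prints blog.example.org
```

On the server, run check_cert '/etc/letsencrypt/cli-custom.ini' 14 as root after the renewal service has finished; a non-zero exit status means a name is missing from the certificate or it expires within the threshold.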
/var/www/wiki/data/pages/servers/linux/nginx/lets_encrypt.txt · Last modified: by Sean Rhone
