servers:linux:nginx:lets_encrypt

Differences

This shows you the differences between two versions of the page.

servers:linux:nginx:lets_encrypt [2025/04/25 00:50] – [Settings] Sean Rhone
servers:linux:nginx:lets_encrypt [2025/09/11 18:25] (current) – [Settings] Sean Rhone
Line 1: Line 1:
 ====== Information ====== ====== Information ======
  
-  * Let's Encrypt ((https://letsencrypt.org)) +  * Let's Encrypt 
-  * Certbot ((https://certbot.eff.org)) +  * Certbot 
-  * [[Information:Realm of Espionage]]+  * [[information:realm_of_espionage|Realm of Espionage]]
  
 ===== Prerequisites ===== ===== Prerequisites =====
  
   * [[linux:distros:server:opensuse_tumbleweed_server|openSUSE Tumbleweed (Server)]]   * [[linux:distros:server:opensuse_tumbleweed_server|openSUSE Tumbleweed (Server)]]
-  * [[servers;linux;nginx_php_php-fpm|nginx]]+  * [[servers:linux:nginx_php_php-fpm|nginx]]
  
 ====== Dependencies ====== ====== Dependencies ======
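Review bot: The Let's Encrypt and Certbot bullets at the top of Information lose their footnoted URLs (https://letsencrypt.org and https://certbot.eff.org) and are left as bare text, so the page no longer points the reader at the upstream projects. Consider turning them into external links instead of dropping the references. The corrected internal links on the other two bullets (colons in place of semicolons, lowercase page id with a display title) look right.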
Line 21: Line 21:
  
 <code> <code>
-# letsencrypt/cli-custom.ini 
- 
 verbose = true verbose = true
 text = true text = true
Line 30: Line 28:
 agree-tos = true agree-tos = true
  
-########## +##################################################
-#CHANGEME# +
-########## +
 email = espionage724@x email = espionage724@x
- +##################################################
-########## +
-#CHANGEME# +
-##########+
  
 no-eff-email = true no-eff-email = true
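Review bot: Around the email line, replacing the #CHANGEME# banners with plain rows of # removes the only cue that this value must be edited before use, and the value shown, espionage724@x, is a placeholder rather than a usable address. With agree-tos = true just above it, a reader who copies the block as-is accepts the terms of service with an unusable contact address. Keep a short comment on the line above email saying it must be changed.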
Line 46: Line 38:
 hsts = true hsts = true
 uir = true uir = true
-staple-ocsp = true+staple-ocsp = false
  
 pre-hook = systemctl stop 'nginx' pre-hook = systemctl stop 'nginx'
 post-hook = systemctl start 'nginx' post-hook = systemctl start 'nginx'
  
-domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz+domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, forums.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz
  
 # End</code> # End</code>
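Review bot: On the domains line, adding test.realmofespionage.xyz (along with forums and social) to the single shared certificate lists every hostname as a SAN in one publicly logged certificate, so the test host becomes discoverable through Certificate Transparency, and one name that fails validation blocks issuance for all eight. Consider a separate certificate for the test host. Separately, staple-ocsp flips from true to false with no reason given; a comment above that line stating why would help the next editor.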
Line 57: Line 49:
 ====== Obtain Certs ====== ====== Obtain Certs ======
  
-  * :!: If it passes the dry run, remove the dry-run argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))+  * :!: If it passes the dry run, remove the dry-run argument and re-run
  
   sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run   sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run
 +
 +  sudo systemctl stop 'nginx'
  
 ====== Automatic Cert Renewal ====== ====== Automatic Cert Renewal ======
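Review bot: The added "sudo systemctl stop 'nginx'" after the dry-run command has no accompanying text saying when to run it or why, and nothing in this section starts nginx again. The same edit drops the footnote explaining that the dry run will likely fail the nginx restart step because the certs do not exist yet, which was the one hint about nginx state at this point. Add a bullet stating the purpose of the stop, and restore the footnote or an equivalent sentence.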
Line 70: Line 64:
 [Service] [Service]
 Type=oneshot Type=oneshot
 +
 ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet
 +
 ExecStartPost='/usr/bin/sync' ExecStartPost='/usr/bin/sync'
  
Line 76: Line 72:
  
 ===== Timer ===== ===== Timer =====
 +
 +  * Weekly
  
   sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now   sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now
Line 93: Line 91:
  
 # End</code> # End</code>
 +
 +  sudo systemctl start 'certbot-renew-custom' && sudo systemctl status 'certbot-renew-custom' -l
  
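Review bot: The added "sudo systemctl start 'certbot-renew-custom'" runs the service's ExecStart immediately, which is certbot certonly with --quiet and no --dry-run, and the config's pre-hook and post-hook stop and start nginx around it. A bullet above the command should say it is a live run rather than a dry run; if the aim is only to confirm that the timer is scheduled, systemctl list-timers shows that without invoking certbot.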
/srv/www/wiki/data/attic/servers/linux/nginx/lets_encrypt.1745556606.txt.gz · Last modified: by Sean Rhone