Differences

This shows you the differences between two versions of the page.

--- servers:linux:nginx:lets_encrypt [2025/05/16 21:39] – external edit 127.0.0.1
+++ servers:linux:nginx:lets_encrypt [2025/09/11 18:25] (current) – [Settings] Sean Rhone
@@ Line 1: / Line 1: @@
 ====== Information ======
-  * Let's Encrypt ((https://letsencrypt.org))
+  * Let's Encrypt
-  * Certbot ((https://certbot.eff.org))
+  * Certbot
-  * [[Information:Realm of Espionage]]
+  * [[information:realm_of_espionage|Realm of Espionage]]
 ===== Prerequisites =====
   * [[linux:distros:server:opensuse_tumbleweed_server|openSUSE Tumbleweed (Server)]]
-  * [[servers;linux;nginx_php_php-fpm|nginx]]
+  * [[servers:linux:nginx_php_php-fpm|nginx]]
 ====== Dependencies ======
@@ Line 21: / Line 21: @@
 <code>
-# letsencrypt/cli-custom.ini
 verbose = true
 text = true
@@ Line 30: / Line 28: @@
 agree-tos = true
-##########
+##################################################
-#CHANGEME#
-##########
 email = espionage724@x
+##################################################
-##########
-#CHANGEME#
-##########
 no-eff-email = true
@@ Line 46: / Line 38: @@
 hsts = true
 uir = true
-staple-ocsp = true
+staple-ocsp = false
 pre-hook = systemctl stop 'nginx'
 post-hook = systemctl start 'nginx'
-domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz
+domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, forums.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz
 # End</code>
@@ Line 57: / Line 49: @@
 ====== Obtain Certs ======
-  * :!: If it passes the dry run, remove the dry-run argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))
+  * :!: If it passes the dry run, remove the dry-run argument and re-run
   sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run
+  sudo systemctl stop 'nginx'
 ====== Automatic Cert Renewal ======
@@ Line 68: / Line 62: @@
 <code>
-# certbot-renew-custom.service
 [Service]
 Type=oneshot
 ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet
 ExecStartPost='/usr/bin/sync'
@@ Line 78: / Line 72: @@
 ===== Timer =====
+  * Weekly
   sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now
 <code>
-# certbot-renew-custom.timer
 [Unit]
 Description=Let's Encrypt Certificate Renewal
@@ Line 97: / Line 91: @@
 # End</code>
+  sudo systemctl start 'certbot-renew-custom' && sudo systemctl status 'certbot-renew-custom' -l