RoE | Wiki

User Tools

Site Tools

Trace: clone_hero debian_12_xfce video_ideas devilutionx iso_hashes old_coreboot dokuwiki mangos_zero_vanilla_localhost wsl opensuse_tumbleweed_server
servers:linux:nginx:lets_encrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
servers:linux:nginx:lets_encrypt [2025/12/20 19:14] – [Service] Sean Rhoneservers:linux:nginx:lets_encrypt [2026/04/17 22:07] (current) – [Settings] openSUSE TW -> Ubuntu (WIP) Sean Rhone
Line 7: Line 7:
 ===== Prerequisites ===== ===== Prerequisites =====
  
-  * [[linux:distros:server:ubuntu_server|Ubuntu Server]]+  * [[linux:distros:server:opensuse_tumbleweed_server|openSUSE Tumbleweed (Server)]]
   * [[servers:linux:nginx_php_php-fpm|nginx]]   * [[servers:linux:nginx_php_php-fpm|nginx]]
  
Line 14: Line 14:
 **** ****
  
-  sudo apt install 'certbot'+  sudo zypper install 'python313-certbot'
  
 ====== Settings ====== ====== Settings ======
  
-  sudo -e '/etc/letsencrypt/cli-custom.ini'+  sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini'
  
 <code> <code>
-verbose = true +verbose = 'true
-text = true +max-log-backups = '0' 
-non-interactive = true +text = 'true' 
-standalone = true +non-interactive = 'true' 
-force-renewal = true +standalone = 'true' 
-agree-tos = true+force-renewal = 'true' 
 +agree-tos = 'true'
  
 ######################################## ########################################
Line 32: Line 33:
 ######################################## ########################################
  
-no-eff-email = true+no-eff-email = 'true'
  
-rsa-key-size = 4096 +rsa-key-size = '4096' 
-redirect = true +redirect = 'true' 
-hsts = true +hsts = 'true' 
-uir = true +uir = 'true' 
-staple-ocsp = false+staple-ocsp = 'false
 +key-type = 'ecdsa' 
 +elliptic-curve = 'secp384r1'
  
 pre-hook = systemctl stop 'nginx' pre-hook = systemctl stop 'nginx'
 post-hook = systemctl start 'nginx' post-hook = systemctl start 'nginx'
  
-domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, forums.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz+domains = 'realmofespionage.xyz, wiki.realmofespionage.xyz, media.realmofespionage.xyz, blog.realmofespionage.xyz, social.realmofespionage.xyz, forums.realmofespionage.xyz, status.realmofespionage.xyz, files.realmofespionage.xyz, test.realmofespionage.xyz'
  
 # End</code> # End</code>
Line 56: Line 59:
  
 ====== Automatic Cert Renewal ====== ====== Automatic Cert Renewal ======
- 
-===== Disable Default ===== 
- 
-**** 
- 
-  sudo systemctl disable 'certbot.timer' --now 
  
 ===== Service ===== ===== Service =====
Line 81: Line 78:
 ===== Timer ===== ===== Timer =====
  
-  * Weekly+  * Weekly (Sunday) ''07:00:00 AM''
  
   sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now   sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now
Line 92: Line 89:
  
 [Timer] [Timer]
-OnCalendar=weekly+OnCalendar=Sun *-*-* 07:00:00
 Persistent=true Persistent=true
  
/var/www/wiki/data/attic/servers/linux/nginx/lets_encrypt.1766276097.txt.gz · Last modified: by Sean Rhone
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki