servers:linux:nginx:lets_encrypt
This is an old revision of the document!
Table of Contents
Information
Prerequisites
Dependencies
sudo zypper install 'python313-certbot'
Settings
sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini'
# letsencrypt/cli-custom.ini verbose = true text = true non-interactive = true standalone = true force-renewal = true agree-tos = true ########## #CHANGEME# ########## email = espionage724@x ########## #CHANGEME# ########## no-eff-email = true rsa-key-size = 4096 redirect = true hsts = true uir = true staple-ocsp = true pre-hook = systemctl stop 'nginx' post-hook = systemctl start 'nginx' domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz # End
Obtain Certs
If it passes the dry run, remove the dry-run argument and re-run 3)
sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run
Automatic Cert Renewal
Service
sudo -e '/etc/systemd/system/certbot-renew-custom.service'
[Service] Type=oneshot ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet ExecStartPost='/usr/bin/sync' # End
Timer
sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now
[Unit] Description=Let's Encrypt Certificate Renewal After=network-online.target Wants=network-online.target [Timer] OnCalendar=weekly Persistent=true [Install] WantedBy=multi-user.target # End
3)
the dry run will likely fail the nginx restart step since the certs don't actually exist yet
/srv/www/wiki/data/attic/servers/linux/nginx/lets_encrypt.1745556606.txt.gz · Last modified: by Sean Rhone