RoE | Wiki

User Tools

Site Tools

Trace:
servers:nginx:lets_encrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
servers:nginx:lets_encrypt [2019/10/23 20:42] Sean Rhoneservers:nginx:lets_encrypt [2024/02/07 14:31] – Fedora Server -> Ubuntu Server (wip) Sean Rhone
Line 14: Line 14:
 **** ****
  
-  sudo apt install 'certbot'+  sudo apt install 'python3-certbot'
  
 ====== Settings ====== ====== Settings ======
Line 22: Line 22:
   * ''must-staple = true'' is disabled due to being incompatible with Firefox ((last tested 2019/06/28 with Firefox 67.0.4; it didn't work; likely a config error on my part since this hasn't worked at all since 2018))   * ''must-staple = true'' is disabled due to being incompatible with Firefox ((last tested 2019/06/28 with Firefox 67.0.4; it didn't work; likely a config error on my part since this hasn't worked at all since 2018))
  
-  sudo -e '/etc/letsencrypt/cli-custom.ini'+  sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini'
  
 <code> <code>
Line 31: Line 31:
 force-renewal = true force-renewal = true
 agree-tos = true agree-tos = true
 +
 +##########
 +#CHANGEME#
 +##########
  
 email = espionage724@x email = espionage724@x
 +
 +##########
 +#CHANGEME#
 +##########
 +
 no-eff-email = true no-eff-email = true
  
Line 44: Line 53:
 post-hook = systemctl start 'nginx' post-hook = systemctl start 'nginx'
  
-domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz</code>+domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz, wow.realmofespionage.xyz 
 + 
 +# End</code>
  
 ====== Obtain Certs ====== ====== Obtain Certs ======
  
-  * :!: If it passes the dry run, remove the argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))+  * :!: If it passes the dry run, remove the dry-run argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))
  
   sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run   sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run
  
 ====== Automatic Cert Renewal ====== ====== Automatic Cert Renewal ======
 +
 +===== Disable Existing =====
 +
 +****
 +
 +  sudo systemctl disable --now 'certbot-renew' 'certbot-renew.timer'
  
 ===== Service ===== ===== Service =====
Line 62: Line 79:
 Type=oneshot Type=oneshot
 ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet
-ExecStartPost='/bin/sync'</code>+ExecStartPost='/usr/bin/sync' 
 + 
 +# End</code>
  
 ===== Timer ===== ===== Timer =====
Line 79: Line 98:
  
 [Install] [Install]
-WantedBy=multi-user.target</code>+WantedBy=multi-user.target 
 + 
 +# End</code> 
/var/www/wiki/data/pages/servers/nginx/lets_encrypt.txt · Last modified: 2024/02/07 16:00 by Sean Rhone