RoE | Wiki

User Tools

Site Tools

Trace:
servers:nginx:lets_encrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
servers:nginx:lets_encrypt [2019/10/23 20:42] Sean Rhoneservers:nginx:lets_encrypt [2024/02/07 14:33] – Fedora Server -> Ubuntu Server Sean Rhone
Line 9: Line 9:
   * [[distros:ubuntu_server|Ubuntu Server]]   * [[distros:ubuntu_server|Ubuntu Server]]
   * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] ((Certbot doesn't necessarily require nginx; if not using nginx, then port 443/tcp is likely needed to be opened and pre/post-hooks/service restarting changed))   * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] ((Certbot doesn't necessarily require nginx; if not using nginx, then port 443/tcp is likely needed to be opened and pre/post-hooks/service restarting changed))
 +
 +  * [[servers:nginx:lets_encrypt?rev=1704222385|Previous Fedora Server revision]]
  
 ====== Dependencies ====== ====== Dependencies ======
Line 14: Line 16:
 **** ****
  
-  sudo apt install 'certbot'+  sudo apt install 'python3-certbot'
  
 ====== Settings ====== ====== Settings ======
Line 22: Line 24:
   * ''must-staple = true'' is disabled due to being incompatible with Firefox ((last tested 2019/06/28 with Firefox 67.0.4; it didn't work; likely a config error on my part since this hasn't worked at all since 2018))   * ''must-staple = true'' is disabled due to being incompatible with Firefox ((last tested 2019/06/28 with Firefox 67.0.4; it didn't work; likely a config error on my part since this hasn't worked at all since 2018))
  
-  sudo -e '/etc/letsencrypt/cli-custom.ini'+  sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini'
  
 <code> <code>
Line 31: Line 33:
 force-renewal = true force-renewal = true
 agree-tos = true agree-tos = true
 +
 +##########
 +#CHANGEME#
 +##########
  
 email = espionage724@x email = espionage724@x
 +
 +##########
 +#CHANGEME#
 +##########
 +
 no-eff-email = true no-eff-email = true
  
Line 44: Line 55:
 post-hook = systemctl start 'nginx' post-hook = systemctl start 'nginx'
  
-domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz</code>+domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz, wow.realmofespionage.xyz 
 + 
 +# End</code>
  
 ====== Obtain Certs ====== ====== Obtain Certs ======
  
-  * :!: If it passes the dry run, remove the argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))+  * :!: If it passes the dry run, remove the dry-run argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))
  
   sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run   sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run
Line 62: Line 75:
 Type=oneshot Type=oneshot
 ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet
-ExecStartPost='/bin/sync'</code>+ExecStartPost='/usr/bin/sync' 
 + 
 +# End</code>
  
 ===== Timer ===== ===== Timer =====
Line 79: Line 94:
  
 [Install] [Install]
-WantedBy=multi-user.target</code>+WantedBy=multi-user.target 
 + 
 +# End</code> 
/var/www/wiki/data/pages/servers/nginx/lets_encrypt.txt · Last modified: 2024/02/07 16:00 by Sean Rhone