servers:nginx:lets_encrypt

Differences

This shows you the differences between two versions of the page.

servers:nginx:lets_encrypt [2020/04/24 10:07] – [Prerequisites] Sean Rhone
servers:nginx:lets_encrypt [2024/02/07 16:00] (current) – old revision restored (2024/01/02 14:06) Sean Rhone
Line 7: Line 7:
 ===== Prerequisites ===== ===== Prerequisites =====
  
-  * [[distros:ubuntu_server|Ubuntu Server]] ((Last tested on 20.04))+  * [[distros:fedora_server|Fedora Server]]
   * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] ((Certbot doesn't necessarily require nginx; if not using nginx, then port 443/tcp is likely needed to be opened and pre/post-hooks/service restarting changed))   * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] ((Certbot doesn't necessarily require nginx; if not using nginx, then port 443/tcp is likely needed to be opened and pre/post-hooks/service restarting changed))
  
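Review bot: The new Fedora Server prerequisite drops the "Last tested on" footnote that the Ubuntu Server entry carried, so the page no longer says which release these steps were verified against. Suggest adding an equivalent footnote naming the Fedora release used.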
Line 14: Line 14:
 **** ****
  
-  sudo apt install 'certbot'+  sudo dnf install 'certbot'
  
 ====== Settings ====== ====== Settings ======
Line 22: Line 22:
   * ''must-staple = true'' is disabled due to being incompatible with Firefox ((last tested 2019/06/28 with Firefox 67.0.4; it didn't work; likely a config error on my part since this hasn't worked at all since 2018))   * ''must-staple = true'' is disabled due to being incompatible with Firefox ((last tested 2019/06/28 with Firefox 67.0.4; it didn't work; likely a config error on my part since this hasn't worked at all since 2018))
  
-  sudo -e '/etc/letsencrypt/cli-custom.ini'+  sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini'
  
 <code> <code>
Line 31: Line 31:
 force-renewal = true force-renewal = true
 agree-tos = true agree-tos = true
 +
 +##########
 +#CHANGEME#
 +##########
  
 email = espionage724@x email = espionage724@x
 +
 +##########
 +#CHANGEME#
 +##########
 +
 no-eff-email = true no-eff-email = true
  
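Review bot: The second CHANGEME banner, added after the email line, sits directly above no-eff-email = true and reads as if that setting is the one to edit. A single banner above email = espionage724@x, or a closing marker worded as an end marker, would make it clear that only the email value needs changing.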
Line 44: Line 53:
 post-hook = systemctl start 'nginx' post-hook = systemctl start 'nginx'
  
-domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz</code>+domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz, wow.realmofespionage.xyz 
 + 
 +# End</code>
  
 ====== Obtain Certs ====== ====== Obtain Certs ======
  
-  * :!: If it passes the dry run, remove the argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))+  * :!: If it passes the dry run, remove the dry-run argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))
  
   sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run   sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run
  
 ====== Automatic Cert Renewal ====== ====== Automatic Cert Renewal ======
 +
 +===== Disable Existing =====
 +
 +****
 +
 +  sudo systemctl disable --now 'certbot-renew' 'certbot-renew.timer'
  
 ===== Service ===== ===== Service =====
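Review bot: The domains line is as site-specific as the email line but gets no CHANGEME banner, so a reader copying this config unchanged would request certificates for the realmofespionage.xyz hosts. Suggest marking it the same way as email. The new Disable Existing section would also benefit from one sentence saying why certbot-renew and certbot-renew.timer are disabled before the custom service and timer are defined.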
Line 62: Line 79:
 Type=oneshot Type=oneshot
 ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet
-ExecStartPost='/bin/sync'</code>+ExecStartPost='/usr/bin/sync' 
 + 
 +# End</code>
  
 ===== Timer ===== ===== Timer =====
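Review bot: ExecStart runs certonly against cli-custom.ini, and that file sets force-renewal = true (visible in the Line 31 hunk), so every activation of this service requests a new certificate regardless of how long the current one has left. Worth stating that dependency next to the unit and confirming the timer interval is chosen with Let's Encrypt's rate limits in mind.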
Line 79: Line 98:
  
 [Install] [Install]
-WantedBy=multi-user.target</code>+WantedBy=multi-user.target 
 + 
 +# End</code> 
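Review bot: If this [Install] block belongs to the timer unit under the Timer heading, WantedBy=multi-user.target is unusual; timer units are conventionally installed with WantedBy=timers.target. Suggest switching to that, or noting why multi-user.target is used.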
/var/www/wiki/data/attic/servers/nginx/lets_encrypt.1587737279.txt.gz · Last modified: 2020/04/24 10:07 by Sean Rhone