RoE | Wiki

User Tools

Site Tools

Trace:
windows:servers:nginx:lets_encrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
windows:servers:nginx:lets_encrypt [2024/05/19 19:45] – [Obtain Certs] Sean Rhonewindows:servers:nginx:lets_encrypt [2024/08/13 18:42] (current) – removed Sean Rhone
Line 1: Line 1:
-====== Information ====== 
- 
-  * Let's Encrypt ((https://letsencrypt.org)) 
-  * Certbot ((https://certbot.eff.org)) 
-  * [[Information:Realm of Espionage]] 
- 
-  * :!: 20240519: This is experimental and WIP 
- 
-===== Prerequisites ===== 
- 
-  * [[windows:10|Windows 10]] 
-  * [[windows:servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] ((Certbot doesn't necessarily require nginx; if not using nginx, then port 443/tcp is likely needed to be opened and pre/post-hooks/service restarting changed)) 
- 
-====== Install ====== 
- 
-===== Python ===== 
- 
-  * https://www.python.org/downloads/windows/ 
- 
-  * Install ''pip'' and add to PATH 
- 
-===== Certbot ===== 
- 
-**** 
- 
-  pip install "certbot" 
- 
-====== Settings ====== 
- 
-  *  :!: Be sure to change the email address 
-  * :!: Any new domains added need to be added to Namecheap as well 
-  * ''must-staple = true'' is disabled due to being incompatible with Firefox ((last tested 2019/06/28 with Firefox 67.0.4; it didn't work; likely a config error on my part since this hasn't worked at all since 2018)) 
- 
-  mkdir "C:\Certbot\" && notepad++ "C:\Certbot\cli-custom.ini" 
- 
-<code> 
-verbose = true 
-text = true 
-non-interactive = true 
-standalone = true 
-force-renewal = true 
-agree-tos = true 
- 
-########## 
-#CHANGEME# 
-########## 
- 
-email = espionage724@x 
- 
-########## 
-#CHANGEME# 
-########## 
- 
-no-eff-email = true 
- 
-rsa-key-size = 4096 
-redirect = true 
-hsts = true 
-uir = true 
-staple-ocsp = true 
- 
-#pre-hook = "C:\nginx-1.25.5\nginx.exe" -s "quit" 
-#post-hook = systemctl start 'nginx' 
- 
-domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz, wow.realmofespionage.xyz 
- 
-# End</code> 
- 
-====== Obtain Certs ====== 
- 
-  * :!: If it passes the dry run, remove the dry-run argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet)) 
- 
-  certbot "certonly" --config "C:\Certbot\cli-custom.ini" --dry-run 
- 
-====== Automatic Cert Renewal ====== 
- 
-===== Disable Existing ===== 
- 
-**** 
- 
-  sudo systemctl disable --now 'certbot-renew' 'certbot-renew.timer' 
- 
-===== Service ===== 
- 
-  sudo -e '/etc/systemd/system/certbot-renew-custom.service' 
- 
-<code> 
-[Service] 
-Type=oneshot 
-ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet 
-ExecStartPost='/usr/bin/sync' 
- 
-# End</code> 
- 
-===== Timer ===== 
- 
-  sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now 
- 
-<code> 
-[Unit] 
-Description=Let's Encrypt Certificate Renewal 
-After=network-online.target 
-Wants=network-online.target 
- 
-[Timer] 
-OnCalendar=weekly 
-Persistent=true 
- 
-[Install] 
-WantedBy=multi-user.target 
- 
-# End</code> 
  
/usr/local/www/wiki/data/attic/windows/servers/nginx/lets_encrypt.1716162317.txt.gz · Last modified: (external edit)