Differences

This shows you the differences between two versions of the page.

--- letsencrypt [2016/05/02 13:18]
ian
+++ letsencrypt [2020/02/13 22:55] (current)
@@ Line 5: / Line 5: @@
 Because the certificate is valid only for 90 days, it is important to use the scripted automation to authorize and renew the certificate.
-. If the letsencrypt command is not available in your package manager, use the letsencrypt-auto command by installing it locally.
+. If the certbot command is not available in your package manager, use the certbot-auto command by installing it locally.
 <note tip>
@@ Line 15: / Line 15: @@
 <code>
-# cd /usr/local
+# cd /usr/local/sbin
-# git clone https://github.com/letsencrypt/letsencrypt
+# wget https://dl.eff.org/certbot-auto
-# cd letsencrypt
+# chmod +x certbot-auto
-# ./letsencrypt-auto --help
+# ./certbot-auto --help
 </code>
-. Add a monthly script to perform the renewals
+. Add a weekly script to perform the renewals
 <code>
-# echo -e '#!/bin/bash\n\n' >> /etc/cron.monthly/99letsencrypt-renew
+# echo '#!/bin/bash
-# chmod u+x /etc/cron.monthly/99letsencrypt-renew
+sleep $(( $RANDOM % 1800 ))
+logger "Start: $0"
+' >> /etc/cron.weekly/letsencrypt-renew
+# chmod u+x /etc/cron.weekly/letsencrypt-renew
 </code>
-. Run a manual certificate authorization/installation.  letsencrypt is able to modify the apache config, but my configuration was too complicated - so I later modify the apache config manually.
+. Run a manual certificate authorization/installation.  certbot is able to modify the apache config, but my configuration was too complicated - so I later modify the apache config manually.
 <code>
-/usr/local/letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot --webroot-path /home/ian/public_html/braindump/dokuwiki/ -d braindump.ca -d www.braindump.ca -d braindump.mrzesty.net
+/usr/local/sbin/certbot-auto certonly --webroot --webroot-path /var/www -d braindump.ca -d www.braindump.ca -d braindump.mrzesty.net
 </code>
@@ Line 44: / Line 50: @@
 </note>
-. Add your last letsencrypt certonly command to the cron.monthly shell script
+. <code>
+echo '/usr/local/sbin/certbot-auto renew --deploy-hook "systemctl reload apache2"' >> /etc/cron.weekly/letsencrypt-renew
-<code>
-echo "!?certonly?" >> /etc/cron.monthly/99letsencrypt-renew
 </code>
@@ Line 65: / Line 69: @@
         ServerAlias www.braindump.ca braindump.mrzesty.net
+        DocumentRoot /var/www/
         RewriteEngine On
-        RewriteRule /(.*) https://%{HTTP_HOST}/$1 [R]
+        RewriteCond %{REQUEST_URI} !/.well-known/.*
+        RewriteRule (.*) https://%{HTTP_HOST}$1 [R]
 </VirtualHost>
@@ Line 78: / Line 84: @@
 </code>
-. You can repeat steps 4-6 for any additional SSL certificates for other public sites on the server.
+. You can repeat steps 5-6 for any additional SSL certificates for other public sites on the server.
-**/etc/cron.monthly/99letsencrypt-renew**:
+**/etc/cron.weekly/letsencrypt-renew**:
 <code>
 #!/bin/bash
-logger "Start: $0"
+sleep $(( $RANDOM % 1800 ))
-/usr/local/letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot --webroot-path /home/ian/public_html/braindump/dokuwiki/ -d braindump.ca -d www.braindump.ca -d braindump.mrzesty.net
+logger "Start: $0"
-/usr/local/letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot --webroot-path /home/ian/public_html/MrZesty -d mrzesty.net -d www.mrzesty.net
-service apache2 reload
+/usr/local/sbin/certbot-auto renew --deploy-hook "systemctl reload apache2"
 logger "End: $0"
 </code>

Mr Zesty's BrainDump

User Tools

Site Tools

Differences

Page Tools