This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
letsencrypt [2016/05/02 13:18] ian |
letsencrypt [2020/02/13 22:55] (current) |
||
---|---|---|---|
Line 5: | Line 5: | ||
Because the certificate is valid only for 90 days, it is important to use the scripted automation to authorize and renew the certificate. | Because the certificate is valid only for 90 days, it is important to use the scripted automation to authorize and renew the certificate. | ||
- | 1. If the letsencrypt | + | 1. If the certbot |
<note tip> | <note tip> | ||
Line 15: | Line 15: | ||
< | < | ||
- | # cd / | + | # cd /usr/local/sbin |
- | # git clone https://github.com/ | + | # wget https://dl.eff.org/certbot-auto |
- | # cd letsencrypt | + | # chmod +x certbot-auto |
- | # ./letsencrypt-auto --help | + | # ./certbot-auto --help |
</ | </ | ||
- | 2. Add a monthly | + | 2. Add a weekly |
< | < | ||
- | # echo -e '# | + | # echo '# |
- | # chmod u+x /etc/cron.monthly/99letsencrypt-renew | + | |
+ | sleep $(( $RANDOM % 1800 )) | ||
+ | |||
+ | logger " | ||
+ | |||
+ | ' >> /etc/cron.weekly/letsencrypt-renew | ||
+ | # chmod u+x /etc/cron.weekly/letsencrypt-renew | ||
</ | </ | ||
- | 3. Run a manual certificate authorization/ | + | 3. Run a manual certificate authorization/ |
< | < | ||
- | /usr/local/letsencrypt/letsencrypt-auto certonly | + | /usr/local/sbin/certbot-auto certonly --webroot --webroot-path /var/www -d braindump.ca -d www.braindump.ca -d braindump.mrzesty.net |
</ | </ | ||
Line 44: | Line 50: | ||
</ | </ | ||
- | 4. Add your last letsencrypt certonly command to the cron.monthly shell script | + | 4. < |
- | + | echo '/ | |
- | < | + | |
- | echo "!?certonly?" >> /etc/cron.monthly/99letsencrypt-renew | + | |
</ | </ | ||
Line 65: | Line 69: | ||
ServerAlias www.braindump.ca braindump.mrzesty.net | ServerAlias www.braindump.ca braindump.mrzesty.net | ||
+ | DocumentRoot /var/www/ | ||
RewriteEngine On | RewriteEngine On | ||
- | | + | |
+ | RewriteRule | ||
</ | </ | ||
Line 78: | Line 84: | ||
</ | </ | ||
- | 6. You can repeat steps 4-6 for any additional SSL certificates for other public sites on the server. | + | 6. You can repeat steps 5-6 for any additional SSL certificates for other public sites on the server. |
- | **/ | + | **/ |
< | < | ||
#!/bin/bash | #!/bin/bash | ||
- | logger " | + | sleep $(( $RANDOM % 1800 )) |
- | / | + | logger " |
- | / | + | |
- | service apache2 | + | / |
logger "End: $0" | logger "End: $0" | ||
</ | </ | ||