letsencrypt

Differences

This shows you the differences between two versions of the page.

letsencrypt [2016/05/02 13:18]
ian
letsencrypt [2020/02/13 22:55] (current)
Line 5: Line 5:
 Because the certificate is valid only for 90 days, it is important to use the scripted automation to authorize and renew the certificate. Because the certificate is valid only for 90 days, it is important to use the scripted automation to authorize and renew the certificate.
  
-1. If the letsencrypt command is not available in your package manager, use the letsencrypt-auto command by installing it locally.+1. If the certbot command is not available in your package manager, use the certbot-auto command by installing it locally.
  
 <note tip> <note tip>
Line 15: Line 15:
  
 <code> <code>
-# cd /usr/local +# cd /usr/local/sbin 
-git clone https://github.com/letsencrypt/letsencrypt +wget https://dl.eff.org/certbot-auto 
-cd letsencrypt +chmod +x certbot-auto 
-# ./letsencrypt-auto --help+# ./certbot-auto --help
 </code> </code>
  
-2. Add a monthly script to perform the renewals+2. Add a weekly script to perform the renewals
  
 <code> <code>
-# echo -e '#!/bin/bash\n\n' >> /etc/cron.monthly/99letsencrypt-renew +# echo '#!/bin/bash 
-# chmod u+x /etc/cron.monthly/99letsencrypt-renew+ 
 +sleep $(( $RANDOM % 1800 )) 
 + 
 +logger "Start: $0" 
 + 
 +' >> /etc/cron.weekly/letsencrypt-renew 
 +# chmod u+x /etc/cron.weekly/letsencrypt-renew
 </code> </code>
  
-3. Run a manual certificate authorization/installation.  letsencrypt is able to modify the apache config, but my configuration was too complicated - so I later modify the apache config manually.+3. Run a manual certificate authorization/installation.  certbot is able to modify the apache config, but my configuration was too complicated - so I later modify the apache config manually.
  
 <code> <code>
-/usr/local/letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot --webroot-path /home/ian/public_html/braindump/dokuwiki/ -d braindump.ca -d www.braindump.ca -d braindump.mrzesty.net+/usr/local/sbin/certbot-auto certonly --webroot --webroot-path /var/www -d braindump.ca -d www.braindump.ca -d braindump.mrzesty.net
 </code> </code>
  
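Review bot: in the install block, certbot-auto is fetched with wget into /usr/local/sbin and made executable with no integrity check before it is run as root. Add a step between the wget and chmod +x lines that verifies the download against a published signature or checksum, and only mark it executable once that passes. Separately, step 2 creates the cron script with >>, so running the step a second time appends another shebang and sleep to the existing file; using > for the initial creation would make the step repeatable.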
Line 44: Line 50:
 </note> </note>
  
-4. Add your last letsencrypt certonly command to the cron.monthly shell script +4. <code> 
- +echo '/usr/local/sbin/certbot-auto renew --deploy-hook "systemctl reload apache2">> /etc/cron.weekly/letsencrypt-renew
-<code> +
-echo "!?certonly?" >> /etc/cron.monthly/99letsencrypt-renew+
 </code> </code>
  
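Review bot: on the new echo line, the single quote opened before /usr/local/sbin/certbot-auto is never closed before >>, so as shown the shell keeps reading input instead of appending to /etc/cron.weekly/letsencrypt-renew. Close it right after "systemctl reload apache2". Step 4 has also lost its one-line description and now opens directly with <code>; restore a sentence saying that this appends the renew command to the weekly script.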
Line 65: Line 69:
         ServerAlias www.braindump.ca braindump.mrzesty.net         ServerAlias www.braindump.ca braindump.mrzesty.net
  
 +        DocumentRoot /var/www/
         RewriteEngine On         RewriteEngine On
-        RewriteRule /(.*) https://%{HTTP_HOST}/$1 [R]+        RewriteCond %{REQUEST_URI} !/.well-known/.* 
 +        RewriteRule (.*) https://%{HTTP_HOST}$1 [R]
 </VirtualHost> </VirtualHost>
  
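Review bot: the RewriteCond pattern !/.well-known/.* is unanchored and its dots are unescaped, so any request URI that contains a matching substring anywhere in the path is exempted from the HTTPS redirect and served over plain HTTP from DocumentRoot /var/www/. Anchor and escape it, and narrow it to the directory the webroot challenge files live in, for example RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/ . The bare [R] flag issues a temporary redirect and does not stop rule processing; [R=301,L] states the intent explicitly.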
Line 78: Line 84:
 </code> </code>
  
-6. You can repeat steps 4-6 for any additional SSL certificates for other public sites on the server.+6. You can repeat steps 5-6 for any additional SSL certificates for other public sites on the server.
  
-**/etc/cron.monthly/99letsencrypt-renew**:+**/etc/cron.weekly/letsencrypt-renew**:
 <code> <code>
 #!/bin/bash #!/bin/bash
  
-logger "Start: $0"+sleep $(( $RANDOM % 1800 ))
  
-/usr/local/letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot --webroot-path /home/ian/public_html/braindump/dokuwiki/ -d braindump.ca -d www.braindump.ca -d braindump.mrzesty.net +logger "Start: $0"
-/usr/local/letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot --webroot-path /home/ian/public_html/MrZesty -d mrzesty.net -d www.mrzesty.net+
  
-service apache2 reload+/usr/local/sbin/certbot-auto renew --deploy-hook "systemctl reload apache2"
  
 logger "End: $0" logger "End: $0"
 </code> </code>
  
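Review bot: in the weekly script the exit status of the certbot-auto renew line is discarded and logger "End: $0" runs regardless, so a failed renewal looks identical in syslog to a successful one and is only noticed when the 90-day certificate lapses. Capture the status right after the renew line and include it in the End message, or log at an error priority when it is non-zero. In step 6, "repeat steps 5-6" also tells the reader to repeat the step they are currently reading; check that range against the new numbering.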
letsencrypt.1462209480.txt.gz · Last modified: 2020/02/13 22:55 (external edit)
