letsencrypt
Differences
This shows you the differences between two versions of the page.
| Next revision Both sides next revision | |||
|
letsencrypt [2016/04/27 10:49] k2patel created |
letsencrypt [2016/04/27 11:02] k2patel |
||
|---|---|---|---|
| Line 15: | Line 15: | ||
| </code> | </code> | ||
| + | ==== configuration for certificate request / location ==== | ||
| //It is good idea to create config file for each certificate because we can use it for renewal// | //It is good idea to create config file for each certificate because we can use it for renewal// | ||
| Line 38: | Line 39: | ||
| </code> | </code> | ||
| + | ==== Nginx configuration ==== | ||
| + | I'm using https redirect for my hosts so i use following code on each domain.\\ | ||
| + | Works fine for me. | ||
| + | <code conf nginx.conf> | ||
| + | if ($request_uri !~ "^/.well-known/acme-challenge/(.*)") { | ||
| + | rewrite ^(.*) https://$host$1 permanent; | ||
| + | } | ||
| + | location /.well-known/acme-challenge { | ||
| + | root /var/www/letsencrypt; | ||
| + | } | ||
| + | </code> | ||
| + | |||
| + | ==== Cron setup ==== | ||
| + | Now i have script which run every 11 week. | ||
| + | |||
| + | <code bash letsrenew> | ||
| + | #!/usr/bin/env bash | ||
| + | # | ||
| + | ############# | ||
| + | # | ||
| + | # Renew Certificate using lets-encrypt | ||
| + | # Author : Ketan Patel <k2patel.in> | ||
| + | # License : BSD | ||
| + | # | ||
| + | ############# | ||
| + | source /etc/bashrc | ||
| + | |||
| + | # Globals ( Please update ) | ||
| + | # | ||
| + | ldomains=('wiki.k2patel.in' 'www.k2patel.in' 'ip.k2patel.in' 'rpm.k2patel.in') | ||
| + | LETSENCRYPT_HOME="/root/letsencrypt" | ||
| + | WEBSERVER="nginx" | ||
| + | |||
| + | # Enable System level logging | ||
| + | # Redirect log to logger | ||
| + | exec 1> >(logger -t $(basename $0)) 2>&1 | ||
| + | |||
| + | for i in ${ldomains[@]} | ||
| + | do | ||
| + | ${LETSENCRYPT_HOME}/letsencrypt-auto certonly -c /etc/letsencrypt/config/${i}.conf --renew-by-default | ||
| + | done | ||
| + | |||
| + | # Start web services | ||
| + | if /usr/bin/systemctl restart ${WEBSERVER} ; then | ||
| + | echo "Web service re-started after certificate renewal." | ||
| + | else | ||
| + | echo "Failed to start web services" | ||
| + | fi | ||
| + | </code> | ||
letsencrypt.txt ยท Last modified: 2020/08/10 02:35 (external edit)
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
