Differences

This shows you the differences between two versions of the page.

--- letsencrypt [2016/04/27 10:49]
k2patel created
+++ letsencrypt [2018/09/25 14:38]
k2patel [Nginx configuration]
@@ Line 1: / Line 1: @@
-====== Letsencrypt ======
+====== Letsencrypt | Certbot ======
+Now they renamed it from Letsencrypt to Certbot.\\
+Working on script to reflect the change but i have to make sure it does not change | Break all required dependencies.\\
 Great thing happen securing internet servers, And it's Free.\\
 But there is catch, You have to renew your certificated Often.\\
@@ Line 15: / Line 17: @@
 </code>
+==== configuration for certificate request / location ====
 //It is good idea to create config file for each certificate because we can use it for renewal//
 <code ini sample_config>
 # Domain which you are trying to get certificate for;
+# multiple domain like aliases can be saperated by comma
+# e.g. domains = wiki.k2patel.in, dokuwiki.k2patel.in
 domains = wiki.k2patel.in
@@ Line 38: / Line 43: @@
 </code>
+==== Nginx configuration ====
+I'm using https redirect for my hosts so i use following code on each domain.\\
+Works fine for me.
+<code conf nginx.conf>
+    if ($request_uri !~ "^/.well-known/acme-challenge/(.*)") {
+        rewrite     ^(.*)   https://$host$1 permanent;
+    }
+    location /.well-known/acme-challenge {
+        root /var/www/letsencrypt;
+    }
+</code>
+SSL Configuration
+<code conf ssl.conf>
+    ssl on;
+    ssl_certificate_key /etc/letsencrypt/live/fqdn.testdomain.com/privkey.pem;
+    ssl_certificate /etc/letsencrypt/live/fqdn.testdomain.com/fullchain.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/fqdn.testdomain.com/fullchain.pem;
+</code>
+==== Apache Configuration ====
+So each domain only need to redirect to HTTPS if URL requested is from acme.
+<code conf domain.conf>
+        RewriteEngine On
+        RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
+        RewriteCond %{HTTPS} off
+        RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
+</code>
+SSL configuration
+<code conf ssl.conf>
+        SSLEngine on
+        SSLCertificateFile      "/etc/letsencrypt/live/fqdn.testdomain.com/cert.pem"
+        SSLCertificateKeyFile   "/etc/letsencrypt/live/fqdn.testdomain.com/privkey.pem"
+        SSLCACertificatePath    "/etc/letsencrypt/live/fqdn.testdomain.com/"
+        SSLCertificateChainFile "/etc/letsencrypt/live/fqdn.testdomain.com/fullchain.pem"
+</code>
+==== Cron setup ====
+Now i have script which run every 11 week.
+<code bash letsrenew>
+#!/usr/bin/env bash
+#
+#############
+#
+# Renew Certificate using lets-encrypt
+# Author : Ketan Patel <k2patel.in>
+# License : BSD
+#
+#############
+source /etc/bashrc
+# Globals ( Please update )
+#
+ldomains=('wiki.k2patel.in' 'www.k2patel.in' 'ip.k2patel.in' 'rpm.k2patel.in')
+LETSENCRYPT_HOME="/root/letsencrypt"
+WEBSERVER="nginx"
+# Enable System level logging
+# Redirect log to logger
+exec 1> >(logger -t $(basename $0)) 2>&1
+for i in ${ldomains[@]}
+  do
+    ${LETSENCRYPT_HOME}/letsencrypt-auto certonly -c /etc/letsencrypt/config/${i}.conf --renew-by-default
+  done
+# Start web services
+if /usr/bin/systemctl restart ${WEBSERVER} ; then
+   echo "Web service re-started after certificate renewal."
+else
+   echo "Failed to start web services"
+fi
+</code>

Daily *Nix

User Tools

Site Tools

Differences

Page Tools