Differences

This shows you the differences between two versions of the page.

--- letsencrypt [2018/09/25 14:34]
k2patel [Nginx configuration]
+++ letsencrypt [2020/08/10 02:35]
@@ Line 1: / Line 1: @@
-====== Letsencrypt | Certbot ======
-Now they renamed it from Letsencrypt to Certbot.\\
-Working on script to reflect the change but i have to make sure it does not change | Break all required dependencies.\\
-Great thing happen securing internet servers, And it's Free.\\
-But there is catch, You have to renew your certificated Often.\\
-Since they provided tool to do so, i don't think there is problem at all.\\
-First install command line API tool.
-[[https://github.com/letsencrypt/letsencrypt|letsencrypt source]]
-There is many way you can get new certificate or renew certificate.\\
-But i like following way, which can be scripted easily.
-<code bash Get New Certificate>
-./letsencrypt-auto --email <email> --agree-tos certonly -d <fqdn> -c <Location_for_config>
-</code>
-==== configuration for certificate request / location ====
-//It is good idea to create config file for each certificate because we can use it for renewal//
-<code ini sample_config>
-# Domain which you are trying to get certificate for;
-# multiple domain like aliases can be saperated by comma
-# e.g. domains = wiki.k2patel.in, dokuwiki.k2patel.in
-domains = wiki.k2patel.in
-# Define rsa keysize
-rsa-key-size = 4096
-# Define the api server
-server = https://acme-v01.api.letsencrypt.org/directory
-# email address for your certificate
-email = k2patel@rediffmail.com
-# we can disable the UI and turn on the text mode
-text = True
-# authenticate by placing file in webroot located under .well-known/acme-challenge/
-authenticator = webroot
-webroot-path = /var/www/letsencrypt/
-</code>
-==== Nginx configuration ====
-I'm using https redirect for my hosts so i use following code on each domain.\\
-Works fine for me.
-<code conf nginx.conf>
-    if ($request_uri !~ "^/.well-known/acme-challenge/(.*)") {
-        rewrite     ^(.*)   https://$host$1 permanent;
-    }
-    location /.well-known/acme-challenge {
-        root /var/www/letsencrypt;
-    }
-</code>
-==== Apache Configuration ====
-So each domain only need to redirect to HTTPS if URL requested is from acme.
-<code conf domain.conf>
-        RewriteEngine On
-        RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
-        RewriteCond %{HTTPS} off
-        RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]
-</code>
-==== Cron setup ====
-Now i have script which run every 11 week.
-<code bash letsrenew>
-#!/usr/bin/env bash
-#
-#############
-#
-# Renew Certificate using lets-encrypt
-# Author : Ketan Patel <k2patel.in>
-# License : BSD
-#
-#############
-source /etc/bashrc
-# Globals ( Please update )
-#
-ldomains=('wiki.k2patel.in' 'www.k2patel.in' 'ip.k2patel.in' 'rpm.k2patel.in')
-LETSENCRYPT_HOME="/root/letsencrypt"
-WEBSERVER="nginx"
-# Enable System level logging
-# Redirect log to logger
-exec 1> >(logger -t $(basename $0)) 2>&1
-for i in ${ldomains[@]}
-  do
-    ${LETSENCRYPT_HOME}/letsencrypt-auto certonly -c /etc/letsencrypt/config/${i}.conf --renew-by-default
-  done
-# Start web services
-if /usr/bin/systemctl restart ${WEBSERVER} ; then
-   echo "Web service re-started after certificate renewal."
-else
-   echo "Failed to start web services"
-fi
-</code>

Daily *Nix

User Tools

Site Tools

Differences

Page Tools