
letsencrypt
new certificate
# certonly obtains the certificate without installing it into the nginx
# configuration. --deploy-hook runs the given script once the certificate has
# been issued successfully.
/usr/bin/certbot --nginx certonly -d yourdomain.com --deploy-hook /usr/local/sbin/push_to_confiared.sh
add new for nginx
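# TLS 1.0 and 1.1 are deprecated (RFC 8996), so only TLS 1.2 and 1.3 are offered.
# TLSv1.3 requires nginx 1.13.0+ built against OpenSSL 1.1.1+.
ssl_protocols       TLSv1.2 TLSv1.3;
# Excludes anonymous (unauthenticated) and MD5-based cipher suites.
ssl_ciphers         HIGH:!aNULL:!MD5;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# fullchain.pem is the leaf certificate followed by the intermediate chain.
ssl_certificate      /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
# privkey.pem is the private key; keep it readable only by the account that
# needs it.
ssl_certificate_key  /etc/letsencrypt/live/yourdomain.com/privkey.pem;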
renew for apache
# renew processes every certificate that is due for renewal. The deploy hook
# runs once per successfully renewed certificate; the post hook runs after
# renewal has been attempted.
/usr/bin/certbot --apache renew --deploy-hook /usr/local/sbin/push_to_confiared.sh --post-hook "/etc/init.d/apache2 reload"
renew for nginx
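# This is one invocation. The backslash keeps --post-hook attached to the
# certbot command; pasted as two separate lines, the second line would be run
# as its own (failing) command and nginx would never be reloaded.
/usr/bin/certbot --nginx renew --deploy-hook /usr/local/sbin/push_to_confiared.sh \
  --post-hook "/etc/init.d/nginx reload"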
/usr/local/sbin/push_to_confiared.sh
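#!/bin/bash
# Certbot deploy hook: uploads the renewed certificate, its chain and its
# private key to the Confiared reverse-proxy API.
#
# Input:  RENEWED_LINEAGE, exported by certbot for deploy hooks, e.g.
#RENEWED_LINEAGE=/etc/letsencrypt/live/site.com
# Output: the API response is written to the .log file below; failures are
#         appended to the .err file.
# Exit:   0 as soon as an upload succeeds, 255 if cert.pem is missing,
#         1 if the first attempt and every retry failed.

readonly api_url='https://api.confiared.com/reverse-proxy/upload-certificate'
readonly log_file='/var/log/last_letsencrypt_confiared_api.log'
readonly err_file='/var/log/last_letsencrypt_confiared_api.err'
readonly max_retries=99
readonly retry_delay=600   # seconds between attempts

lineage="${RENEWED_LINEAGE:-}"

# Quoted so that a lineage path containing whitespace cannot break the test.
if [[ ! -f "${lineage}/cert.pem" ]]; then
  echo "${lineage}/cert.pem was not found, abort" > "$log_file"
  echo "${lineage}/cert.pem was not found, abort" >> "$err_file"
  exit 255
fi

#######################################
# Performs one upload attempt.
# Globals:  lineage, api_url, log_file (read)
# Returns:  curl's exit status
#######################################
upload_certificate() {
  # name@file lets curl read and URL-encode each PEM file itself, so the
  # private key is never placed on curl's command line, where other local
  # users could read it from the process list.
  # curl sends the file as-is, including the trailing newline that a
  # `cat` command substitution would have stripped.
  # NOTE(review): without --fail, curl exits 0 on an HTTP 4xx/5xx response, so
  # only transport-level failures trigger a retry; a rejected upload is only
  # visible in the response saved to the log file.
  /usr/bin/curl --silent \
    --data-urlencode "certificate@${lineage}/cert.pem" \
    --data-urlencode "chain@${lineage}/chain.pem" \
    --data-urlencode "privatekey@${lineage}/privkey.pem" \
    "$api_url" -o "$log_file"
}

upload_certificate && exit 0

# The first attempt failed: retry up to max_retries times, stopping at the
# first success. (The original test was inverted: it stopped on the first
# failed retry and kept re-uploading after a success.)
# certbot waits for this hook, so the loop can block for up to
# max_retries * retry_delay seconds.
attempt=1
while (( attempt <= max_retries )); do
  sleep "$retry_delay"
  upload_certificate && exit 0
  attempt=$(( attempt + 1 ))
done

echo "upload of ${lineage} failed after ${max_retries} retries" >> "$err_file"
exit 1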
cron
# Daily at 03:00: wait a random delay, then renew only if the web server is running.
# ${RANDOM:0:3} keeps the first three digits of RANDOM, so the delay ranges from 0 to 999 minutes.
# NOTE(review): ${RANDOM:0:3} is bash substring syntax; cron runs jobs with /bin/sh unless SHELL is set in the crontab — confirm SHELL=/bin/bash is set.
# The bracket test counts matching lines of `ps aux` and skips certbot when there are none.
# The redirection applies to certbot only, and both jobs truncate the same /var/log/letsencrypt.log.
0 3 * * * sleep ${RANDOM:0:3}m;[ `ps aux | grep nginx | grep -v -F grep | wc -l` -gt 0 ] && /usr/bin/certbot --nginx renew --deploy-hook /usr/local/sbin/push_to_confiared.sh --post-hook "/etc/init.d/nginx reload" > /var/log/letsencrypt.log 2>&1
0 3 * * * sleep ${RANDOM:0:3}m;[ `ps aux | grep apache2 | grep -v -F grep | wc -l` -gt 0 ] && /usr/bin/certbot --apache renew --deploy-hook /usr/local/sbin/push_to_confiared.sh --post-hook "/etc/init.d/apache2 reload" > /var/log/letsencrypt.log 2>&1
letsencrypt.txt · Last modified: 2022/06/01 12:39 by admin