Wiki de Confiared

User Tools

Site Tools

Trace:
letsencrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
letsencrypt [2020/06/04 16:43]
admin 		letsencrypt [2022/06/01 12:39] (current)
admin
Line 1: Line 1:
-== new ==+== new certificate ​==
 <​code>/​usr/​bin/​certbot --nginx certonly -d yourdomain.com --deploy-hook /​usr/​local/​sbin/​push_to_confiared.sh</​code>​ <​code>/​usr/​bin/​certbot --nginx certonly -d yourdomain.com --deploy-hook /​usr/​local/​sbin/​push_to_confiared.sh</​code>​
  
 == add new for nginx == == add new for nginx ==
-<​code> ​               ssl_protocols ​      TLSv1 TLSv1.1 TLSv1.2; +<​code>​ssl_protocols ​      TLSv1 TLSv1.1 TLSv1.2; 
-                ssl_ciphers ​        ​HIGH:​!aNULL:​!MD5;​ +ssl_ciphers ​        ​HIGH:​!aNULL:​!MD5;​ 
-                listen 443 ssl http2; +listen 443 ssl http2; 
-                listen [::]:443 ssl http2; +listen [::]:443 ssl http2; 
-                ssl_certificate ​     /​etc/​letsencrypt/​live/​yourdomain.com/​fullchain.pem;​ +ssl_certificate ​     /​etc/​letsencrypt/​live/​yourdomain.com/​fullchain.pem;​ 
-                ssl_certificate_key ​ /​etc/​letsencrypt/​live/​yourdomain.com/​privkey.pem;</​code>​+ssl_certificate_key ​ /​etc/​letsencrypt/​live/​yourdomain.com/​privkey.pem;</​code>​
  
 == renew for apache == == renew for apache ==
Line 21: Line 21:
 #!/bin/bash #!/bin/bash
 #​RENEWED_LINEAGE=/​etc/​letsencrypt/​live/​site.com #​RENEWED_LINEAGE=/​etc/​letsencrypt/​live/​site.com
 +if [ ! -f ${RENEWED_LINEAGE}/​cert.pem ]
 +then
 +  echo "​${RENEWED_LINEAGE}/​cert.pem was not found, abort" > /​var/​log/​last_letsencrypt_confiared_api.log
 +  echo "​${RENEWED_LINEAGE}/​cert.pem was not found, abort" >> /​var/​log/​last_letsencrypt_confiared_api.err
 +  exit 255
 +fi
 /​usr/​bin/​curl --silent --data-urlencode "​certificate=`cat ${RENEWED_LINEAGE}/​cert.pem`"​ --data-urlencode "​chain=`cat ${RENEWED_LINEAGE}/​chain.pem`"​ --data-urlencode "​privatekey=`cat ${RENEWED_LINEAGE}/​privkey.pem`"​ https://​api.confiared.com/​reverse-proxy/​upload-certificate -o /​var/​log/​last_letsencrypt_confiared_api.log /​usr/​bin/​curl --silent --data-urlencode "​certificate=`cat ${RENEWED_LINEAGE}/​cert.pem`"​ --data-urlencode "​chain=`cat ${RENEWED_LINEAGE}/​chain.pem`"​ --data-urlencode "​privatekey=`cat ${RENEWED_LINEAGE}/​privkey.pem`"​ https://​api.confiared.com/​reverse-proxy/​upload-certificate -o /​var/​log/​last_letsencrypt_confiared_api.log
 +if [ $? -ne 0 ]
 +then
 +  # try 99 times
 +  for i in {1..99}
 +  do
 +    sleep 600
 +    /​usr/​bin/​curl --silent --data-urlencode "​certificate=`cat ${RENEWED_LINEAGE}/​cert.pem`"​ --data-urlencode "​chain=`cat ${RENEWED_LINEAGE}/​chain.pem`"​ --data-urlencode "​privatekey=`cat ${RENEWED_LINEAGE}/​privkey.pem`"​ https://​api.confiared.com/​reverse-proxy/​upload-certificate -o /​var/​log/​last_letsencrypt_confiared_api.log
 +    if [ $? -ne 0 ]
 +    then
 +      exit 0
 +    fi
 +  done
 +fi
 +
 </​code>​ </​code>​
  
letsencrypt.1591289035.txt.gz · Last modified: 2020/06/04 16:43 by admin

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki