User Tools

Site Tools


letsencrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
letsencrypt [2018/12/29 12:31]
admin created
letsencrypt [2020/06/04 16:44] (current)
admin
Line 1: Line 1:
 == new == == new ==
-certbot --nginx ​new -d yourdomain.com --deploy-hook /​usr/​local/​sbin/​push_to_confiared.sh+<​code>/​usr/​bin/​certbot --nginx ​certonly ​-d yourdomain.com --deploy-hook /​usr/​local/​sbin/​push_to_confiared.sh</​code>​
  
-== renew == +== add new for nginx == 
-certbot --nginx renew --deploy-hook /​usr/​local/​sbin/​push_to_confiared.sh+<​code>​ssl_protocols ​      TLSv1 TLSv1.1 TLSv1.2; 
 +ssl_ciphers ​        ​HIGH:​!aNULL:​!MD5;​ 
 +listen 443 ssl http2; 
 +listen [::]:443 ssl http2; 
 +ssl_certificate ​     /​etc/​letsencrypt/​live/​yourdomain.com/​fullchain.pem;​ 
 +ssl_certificate_key ​ /​etc/​letsencrypt/​live/​yourdomain.com/​privkey.pem;</​code>​ 
 + 
 +== renew for apache ​== 
 +<​code>/​usr/​bin/​certbot --apache renew --deploy-hook /​usr/​local/​sbin/​push_to_confiared.sh --post-hook "/​etc/​init.d/​apache2 reload"</​code>​ 
 + 
 +== renew for nginx == 
 +<​code>/​usr/​bin/​certbot --nginx renew --deploy-hook /​usr/​local/​sbin/​push_to_confiared.sh 
 +--post-hook "/​etc/​init.d/​nginx reload"</​code>​
  
 == /​usr/​local/​sbin/​push_to_confiared.sh == == /​usr/​local/​sbin/​push_to_confiared.sh ==
 +<​code>​
 +#!/bin/bash
 +#​RENEWED_LINEAGE=/​etc/​letsencrypt/​live/​site.com
 +/​usr/​bin/​curl --silent --data-urlencode "​certificate=`cat ${RENEWED_LINEAGE}/​cert.pem`"​ --data-urlencode "​chain=`cat ${RENEWED_LINEAGE}/​chain.pem`"​ --data-urlencode "​privatekey=`cat ${RENEWED_LINEAGE}/​privkey.pem`"​ https://​api.confiared.com/​reverse-proxy/​upload-certificate -o /​var/​log/​last_letsencrypt_confiared_api.log
 +</​code>​
 +
 +== cron ==
 +<​code>​0 3 * * * sleep ${RANDOM:​0:​3}m;​[ `ps aux | grep nginx | grep -v -F grep | wc -l` -gt 0 ] && /​usr/​bin/​certbot --nginx renew --deploy-hook /​usr/​local/​sbin/​push_to_confiared.sh --post-hook "/​etc/​init.d/​nginx reload"​ > /​var/​log/​letsencrypt.log 2>&1
 +0 3 * * * sleep ${RANDOM:​0:​3}m;​[ `ps aux | grep apache2 | grep -v -F grep | wc -l` -gt 0 ] && /​usr/​bin/​certbot --apache renew --deploy-hook /​usr/​local/​sbin/​push_to_confiared.sh --post-hook "/​etc/​init.d/​apache2 reload"​ > /​var/​log/​letsencrypt.log 2>&​1</​code>​
letsencrypt.1546086712.txt.gz · Last modified: 2018/12/29 12:31 by admin