letsencrypt
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
letsencrypt [2018/12/29 12:31] admin created |
letsencrypt [2022/06/01 12:39] (current) admin |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | == new == | + | == new certificate == |
| - | certbot --nginx new -d yourdomain.com --deploy-hook /usr/local/sbin/push_to_confiared.sh | + | <code>/usr/bin/certbot --nginx certonly -d yourdomain.com --deploy-hook /usr/local/sbin/push_to_confiared.sh</code> |
| - | == renew == | + | == add new for nginx == |
| - | certbot --nginx renew --deploy-hook /usr/local/sbin/push_to_confiared.sh | + | <code>ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
| + | ssl_ciphers HIGH:!aNULL:!MD5; | ||
| + | listen 443 ssl http2; | ||
| + | listen [::]:443 ssl http2; | ||
| + | ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; | ||
| + | ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;</code> | ||
| + | |||
| + | == renew for apache == | ||
| + | <code>/usr/bin/certbot --apache renew --deploy-hook /usr/local/sbin/push_to_confiared.sh --post-hook "/etc/init.d/apache2 reload"</code> | ||
| + | |||
| + | == renew for nginx == | ||
| + | <code>/usr/bin/certbot --nginx renew --deploy-hook /usr/local/sbin/push_to_confiared.sh | ||
| + | --post-hook "/etc/init.d/nginx reload"</code> | ||
| == /usr/local/sbin/push_to_confiared.sh == | == /usr/local/sbin/push_to_confiared.sh == | ||
| + | <code> | ||
| + | #!/bin/bash | ||
| + | #RENEWED_LINEAGE=/etc/letsencrypt/live/site.com | ||
| + | if [ ! -f ${RENEWED_LINEAGE}/cert.pem ] | ||
| + | then | ||
| + | echo "${RENEWED_LINEAGE}/cert.pem was not found, abort" > /var/log/last_letsencrypt_confiared_api.log | ||
| + | echo "${RENEWED_LINEAGE}/cert.pem was not found, abort" >> /var/log/last_letsencrypt_confiared_api.err | ||
| + | exit 255 | ||
| + | fi | ||
| + | /usr/bin/curl --silent --data-urlencode "certificate=`cat ${RENEWED_LINEAGE}/cert.pem`" --data-urlencode "chain=`cat ${RENEWED_LINEAGE}/chain.pem`" --data-urlencode "privatekey=`cat ${RENEWED_LINEAGE}/privkey.pem`" https://api.confiared.com/reverse-proxy/upload-certificate -o /var/log/last_letsencrypt_confiared_api.log | ||
| + | if [ $? -ne 0 ] | ||
| + | then | ||
| + | # try 99 times | ||
| + | for i in {1..99} | ||
| + | do | ||
| + | sleep 600 | ||
| + | /usr/bin/curl --silent --data-urlencode "certificate=`cat ${RENEWED_LINEAGE}/cert.pem`" --data-urlencode "chain=`cat ${RENEWED_LINEAGE}/chain.pem`" --data-urlencode "privatekey=`cat ${RENEWED_LINEAGE}/privkey.pem`" https://api.confiared.com/reverse-proxy/upload-certificate -o /var/log/last_letsencrypt_confiared_api.log | ||
| + | if [ $? -ne 0 ] | ||
| + | then | ||
| + | exit 0 | ||
| + | fi | ||
| + | done | ||
| + | fi | ||
| + | |||
| + | </code> | ||
| + | |||
| + | == cron == | ||
| + | <code>0 3 * * * sleep ${RANDOM:0:3}m;[ `ps aux | grep nginx | grep -v -F grep | wc -l` -gt 0 ] && /usr/bin/certbot --nginx renew --deploy-hook /usr/local/sbin/push_to_confiared.sh --post-hook "/etc/init.d/nginx reload" > /var/log/letsencrypt.log 2>&1 | ||
| + | 0 3 * * * sleep ${RANDOM:0:3}m;[ `ps aux | grep apache2 | grep -v -F grep | wc -l` -gt 0 ] && /usr/bin/certbot --apache renew --deploy-hook /usr/local/sbin/push_to_confiared.sh --post-hook "/etc/init.d/apache2 reload" > /var/log/letsencrypt.log 2>&1</code> | ||
letsencrypt.1546086712.txt.gz · Last modified: 2018/12/29 12:31 by admin
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
