Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision | ||
rpi_nimbus [2019/08/01 09:49] – [+Work logs] Júne Park | rpi_nimbus [2019/08/03 04:39] – [Let's Encrypt via repository] Júne Park | ||
---|---|---|---|
Line 155: | Line 155: | ||
</ | </ | ||
+ | ---- | ||
+ | |||
+ | ==== Let's Encrypt via repository ==== | ||
+ | |||
+ | <code bash> | ||
+ | sudo apt update | ||
+ | sudo apt install certbot python-certbot-nginx | ||
+ | </ | ||
+ | |||
+ | command is same as '' | ||
+ | |||
+ | === Create certificate(s) === | ||
+ | |||
+ | <code bash> | ||
+ | | ||
+ | </ | ||
+ | |||
+ | === Renew certificate(s) === | ||
+ | |||
+ | <code bash> | ||
+ | | ||
+ | </ | ||
+ | |||
+ | === Delete certificate(s) === | ||
+ | |||
+ | <code bash> | ||
+ | | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | === Renew certificate(s) using systemd === | ||
+ | |||
+ | Check renewal executes without error, | ||
+ | |||
+ | <code bash> | ||
+ | sudo certbot renew --dry-run | ||
+ | </ | ||
+ | |||
+ | == Service unit file == | ||
+ | |||
+ | If no error, edit **service unit file** typically stored in ''/ | ||
+ | |||
+ | <code ini> | ||
+ | [Unit] | ||
+ | Description=Certbot Renewal | ||
+ | |||
+ | [Service] | ||
+ | ExecStart=/ | ||
+ | </ | ||
+ | |||
+ | Which restarts web service after renewing certificate(s). | ||
+ | |||
+ | == Timer unit file == | ||
+ | |||
+ | Modify ''/ | ||
+ | |||
+ | <code ini> | ||
+ | [Unit] | ||
+ | Description=Timer for Certbot Renewal | ||
+ | |||
+ | [Timer] | ||
+ | OnBootSec=300 | ||
+ | OnUnitActiveSec=2w | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | </ | ||
+ | |||
+ | The configuration below will activate the service biweekly, and 300 seconds after boot-up. | ||
+ | |||
+ | == Using systemctl and journalctl == | ||
+ | |||
+ | To start the timer | ||
+ | <code bash> | ||
+ | sudo systemctl start certbot-renewal.timer | ||
+ | </ | ||
+ | |||
+ | To enable the timer to be started on boot-up | ||
+ | <code bash> | ||
+ | sudo systemctl enable certbot-renewal.timer | ||
+ | </ | ||
+ | |||
+ | To show status information for the timer | ||
+ | <code bash> | ||
+ | systemctl status certbot-renewal.timer | ||
+ | </ | ||
+ | |||
+ | To show journal entries for the timer | ||
+ | journalctl -u certbot-renewal.service | ||
+ | | ||
---- | ---- | ||
==== SSL Configuration on Nginx ==== | ==== SSL Configuration on Nginx ==== |