status-im/infra-role-certbot
2
0
Fork 0
mirror of https://github.com/status-im/infra-role-certbot.git synced 2025-02-22 15:48:18 +00:00
Code Issues Projects Releases Wiki Activity

Issue #6: Add more documentation around automatically generating certs.

Browse Source
This commit is contained in:
Jeff Geerling 2017-07-26 15:56:22 -05:00
parent 01d801c4b7
commit f00a0ba181
1 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
README.md
View File

@ -50,13 +50,27 @@ None.
roles:
- geerlingguy.certbot
After installation, you can create certificates using the `certbot` (or `certbot-auto`) script, which by default is installed inside the configured `certbot_dir` (when using Git). Here are some example commands to configure certificates with Certbot:
### Creating certificates with certbot
After installation, you can create certificates using the `certbot` (or `certbot-auto`) script (use `letsencrypt` on Ubuntu 16.04, or use `/opt/certbot/certbot-auto` if installing from source/Git. Here are some example commands to configure certificates with Certbot:
# Automatically add certs for all Apache virtualhosts (use with caution!).
/opt/certbot/certbot-auto --apache
certbot --apache
# Generate certs, but don't modify Apache configuration (safer).
/opt/certbot/certbot-auto --apache certonly
certbot --apache certonly
If you want to fully automate the process of adding a new certificate, you can do so using the command line options to register, accept the terms of service, and then generate a cert using the standalone server:
1. Make sure any services listening on port 80 (Apache, Nginx, Varnish, etc.) are stopped.
2. Register with something like `certbot register --agree-tos --email [your-email@example.com]`
- Note: You won't need to do this step in the future, when generating additional certs on the same server.
3. Generate a cert for a domain whose DNS points to this server: `certbot certonly --noninteractive --standalone -d example.com -d www.example.com`
4. Re-start whatever was listening on port 80 before.
5. Update your webserver's virtualhost TLS configuration to point at the new certificate (`fullchain.pem`) and private key (`privkey.pem`) Certbot just generated for the domain you passed in the `certbot` command.
6. Restart your webserver so it uses the new HTTPS virtualhost configuration.
### Certbot certificate auto-renewal
By default, this role adds a cron job that will renew all installed certificates once per day at the hour and minute of your choosing.