User Tools

Site Tools


apache

Table of Contents

APACHE

SSL

Used Certbot

https://certbot.eff.org/

First I thought it failed because it reported it couldn't find one my domain names, but it was just a typo. So type it out and paste it in.

Then it also failed, but because I realized I had not enabled port forwarding on my router.

anyway ran the certbot-auto made some choice that seemed logical but I don't really remember.

Installed on new Raspberian install on new SD Card

https://certbot.eff.org/#debianother-apache

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew –dry-run

If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:

./path/to/certbot-auto renew –no-self-upgrade

sudo ./certbot-auto renew –no-self-upgrade

/certbot-auto renew –no-self-upgrade

The above stopped working…go to home/pi folder

./certbot-auto renew

displayed…

pi@raspberrypi:~ $ sudo ./certbot-auto renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log


——————————————————————————-
Processing /etc/letsencrypt/renewal/www.virtual-weltanschauung.org.conf
——————————————————————————-
Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for virtual-weltanschauung.org
tls-sni-01 challenge for virtual-weltanschauung.info
tls-sni-01 challenge for www.virtual-weltanschauung.info
tls-sni-01 challenge for www.virtual-weltanschauung.org
Waiting for verification…
Cleaning up challenges

——————————————————————————-
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/www.virtual-weltanschauung.org/fullchain.pem
——————————————————————————-

——————————————————————————-

Congratulations, all renewals succeeded. The following certs have been renewed:

/etc/letsencrypt/live/www.virtual-weltanschauung.org/fullchain.pem (success)\\


My script and crontab to automate renewal each week

To get your directory path displayed use

pwd

  • SSLrenew.sh
  • date > /home/pi/script/log.txt
  • /home/pi/certbot-auto renew » log.txt

To make a .sh script executable use this,

chmod +x SSLrenew.sh

crontab every Sunday at midnight

0 0 * * 0 /home/pi/script/SSLrenew.sh

Script to automatically renew SSL cert once a week on Sunday and write the date and result to a log file the > causes to overwrite each time

apache.txt · Last modified: 2018/09/25 20:34 by zeppo