Let's Encrypt Certbot Apache Nginx usage
Installing Certbot
Instructions for various operating systems are available on the official site: https://certbot.eff.org/
Generic method:
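    mkdir /opt/certbot
    cd /opt/certbot
    wget https://dl.eff.org/certbot-auto
    chmod a+x certbot-auto
    ./certbot-auto register
    # Certbot creates live/ and archive/ with mode 0700; 755 lets non-root
    # users traverse them, so make sure privkey*.pem is not world-readable.
    chmod 755 /etc/letsencrypt/live /etc/letsencrypt/archive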
Working with certificates:
Issue:
    /opt/certbot/certbot-auto --no-self-upgrade certonly --staging --webroot -w /var/www/html -d example.com -d www.example.com
Revoke:
    /opt/certbot/certbot-auto revoke --staging --cert-path /etc/letsencrypt/live/example.com/cert.pem
    /opt/certbot/certbot-auto --no-self-upgrade delete --cert-name example.com
Automatic certificate renewal
/etc/cron.d/certbot:
    PATH=/sbin:/usr/sbin:/bin:/usr/bin
    # Uncomment one entry: the first restarts nginx, the second restarts Apache (httpd).
    #m h dom mon dow user command
    #30 2 * * 1 root /opt/certbot/certbot-auto --no-self-upgrade -n -q renew --post-hook "/usr/bin/systemctl restart nginx" >> /var/log/letsencrypt-renew.log
    #30 2 * * 1 root /opt/certbot/certbot-auto --no-self-upgrade renew --post-hook "/etc/init.d/httpd restart" >> /var/log/letsencrypt-renew.log
Script for generating SSL certificates for all virtual hosts
GetSSL-Certs.sh:
    #!/bin/bash
    # Request a certificate for every site directory under the web root.
    while IFS= read -r line; do
        echo "==================================================="
        echo "================== $line ========================="
        echo "==================================================="
        # Staging variant for test runs:
        #/opt/certbot/certbot-auto --no-self-upgrade certonly --staging -n -q --webroot -w "/var/www/energokrug/data/www/$line" -d "$line" -d "www.$line"
        /opt/certbot/certbot-auto --no-self-upgrade certonly -n -q --webroot -w "/var/www/energokrug/data/www/$line" -d "$line" -d "www.$line"
    done < <(ls -1 /var/www/energokrug/data/www/)
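GetSSL-Certs.sh hands every directory name to certbot as a domain, so a stray directory (a backup folder, a name that starts with a hyphen) turns into a bogus request or an unintended option. The following is an added example, not part of the original page, that checks each name first; the function names and the CERTBOT override are assumptions, and only lowercase ASCII hostnames are accepted.

```shell
#!/bin/sh
# Added example: validate directory names before passing them to certbot.
# CERTBOT can be overridden (assumption), e.g. CERTBOT=echo for a dry run.
CERTBOT=${CERTBOT:-/opt/certbot/certbot-auto}
LC_ALL=C    # make [a-z] in the patterns below mean ASCII letters only

# Succeed only if $1 looks like a DNS hostname with at least one dot.
# Per-label length (63) is not checked here.
is_hostname() {
    name=$1
    [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!a-z0-9.-]*)   return 1 ;;  # anything but a-z, 0-9, dot, hyphen
        ''|.*|*.|*..*)   return 1 ;;  # empty name or empty label
        -*|*-|*.-*|*-.*) return 1 ;;  # label starts or ends with a hyphen
        *.*)             return 0 ;;
        *)               return 1 ;;  # single label, e.g. "backup"
    esac
}

# Request a certificate for every valid site directory under $1.
# Invalid names are reported on stderr and skipped; returns 1 if any
# certbot call failed.
issue_certs() {
    root=$1
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        site=${dir%/}
        site=${site##*/}
        if ! is_hostname "$site"; then
            printf 'skipped (not a hostname): %s\n' "$site" >&2
            continue
        fi
        "$CERTBOT" --no-self-upgrade certonly -n -q --webroot \
            -w "$root/$site" -d "$site" -d "www.$site" || {
            printf 'certbot failed for: %s\n' "$site" >&2
            rc=1
        }
    done
    return "$rc"
}

# Run only when a web root is given, e.g.: sh script.sh /var/www/energokrug/data/www
if [ "$#" -gt 0 ]; then
    issue_certs "$1"
fi
```

Running it with CERTBOT=echo prints the certbot arguments that would be used for each accepted directory without contacting Let's Encrypt.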
Script for revoking all issued certificates
RevokeSSL-Certs.sh:
    #!/bin/bash
    export PYTHONWARNINGS="ignore"
    while IFS= read -r line; do
        # Skip non-directories such as the README file that certbot keeps in live/
        [ -d "/etc/letsencrypt/live/$line" ] || continue
        echo "==================================================="
        echo "================== $line ========================="
        echo "==================================================="
        /opt/certbot/certbot-auto --no-self-upgrade revoke --staging --cert-path "/etc/letsencrypt/live/$line/cert.pem"
        # Production variant:
        #/opt/certbot/certbot-auto --no-self-upgrade revoke --cert-path "/etc/letsencrypt/live/$line/cert.pem"
        /opt/certbot/certbot-auto --no-self-upgrade delete --cert-name "$line"
    done < <(ls -1 /etc/letsencrypt/live/)
Enjoy!