Letsencrypt autorenew

The client has since been renamed from letsencrypt to Certbot. I am working on updating the script to reflect the change, but I have to make sure it does not change or break any required dependencies. It is a great thing for securing internet servers, and it is free.
There is a catch: the certificates are only valid for 90 days, so you have to renew them often. Since they provide a tool to do so, I don't think that is a problem at all. First install the command-line client from the letsencrypt source.

There are many ways to get a new certificate or renew an existing one.
I like the following way, which can be scripted easily.

Get New Certificate

./letsencrypt-auto --email <email> --agree-tos certonly -d <fqdn> -c <Location_for_config>

Configuration for the certificate request / location

It is a good idea to create a config file for each certificate, because the same file is reused for renewal.

sample_config

# Domain which you are trying to get certificate for;
domains = wiki.k2patel.in
# Define rsa keysize
rsa-key-size = 4096
# Define the api server (this is the ACME v1 directory used when this was written;
# the v1 endpoint has since been retired, current clients use
# https://acme-v02.api.letsencrypt.org/directory)
server = https://acme-v01.api.letsencrypt.org/directory
# email address for your certificate
email = k2patel@rediffmail.com
# we can disable the UI and turn on the text mode
text = True
# authenticate by placing file in webroot located under .well-known/acme-challenge/
authenticator = webroot
webroot-path = /var/www/letsencrypt/

Nginx configuration

I use an HTTPS redirect for my hosts, so I add the following to each domain's server block. The if exempts the challenge path from the redirect, so the CA can fetch the token over plain HTTP. If the same server block also has regex location ~ rules that could match the challenge path, use location ^~ /.well-known/acme-challenge so this prefix match takes precedence.
It works fine for me.

nginx.conf
    if ($request_uri !~ "^/.well-known/acme-challenge/(.*)") {
        rewrite     ^(.*)   https://$host$1 permanent;
    }
    location /.well-known/acme-challenge {
        root /var/www/letsencrypt;
    }

Cron setup

I have a script which runs from cron every 11 weeks, comfortably inside the 90-day lifetime of the certificates. Note that the script passes --renew-by-default, which requests a fresh certificate unconditionally, so do not run it much more often than this: Let's Encrypt rate-limits duplicate certificates for the same set of names.

letsrenew

#!/usr/bin/env bash
#
#############
#
# Renew Certificate using lets-encrypt
# Author : Ketan Patel <k2patel.in>
# License : BSD
#
#############
source /etc/bashrc
# Globals ( Please update )
#
ldomains=('wiki.k2patel.in' 'www.k2patel.in' 'ip.k2patel.in' 'rpm.k2patel.in')
LETSENCRYPT_HOME="/root/letsencrypt"
WEBSERVER="nginx"
# Enable System level logging
# Redirect stdout and stderr to syslog via logger
exec 1> >(logger -t "$(basename "$0")") 2>&1
renewed=0
failed=0
# --renew-by-default forces a new certificate even if the current one is not
# close to expiry; each domain uses the config file created when it was first issued.
for i in "${ldomains[@]}"
  do
    if "${LETSENCRYPT_HOME}/letsencrypt-auto" certonly -c "/etc/letsencrypt/config/${i}.conf" --renew-by-default ; then
       renewed=$((renewed + 1))
    else
       echo "Renewal failed for ${i}"
       failed=$((failed + 1))
    fi
  done
# Restart web services only if at least one certificate was actually renewed
if [ "${renewed}" -eq 0 ] ; then
   echo "No certificate renewed (${failed} failed); leaving ${WEBSERVER} untouched."
elif /usr/bin/systemctl restart "${WEBSERVER}" ; then
   echo "Web service re-started after renewing ${renewed} certificate(s) (${failed} failed)."
else
   echo "Failed to start web services"
fi
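The script above renews unconditionally on a fixed schedule and restarts the web server afterwards. The following wrapper is an added example, not the author's script: it reads the remaining validity of each certificate with openssl, renews only when fewer than 30 days remain, checks that a token placed in the webroot round-trips over plain HTTP (the same path the CA will fetch) before asking for a renewal, and reloads nginx only when a certificate actually changed, so it can run from cron daily without tripping rate limits. It assumes the default letsencrypt-auto/certbot layout /etc/letsencrypt/live/<fqdn>/cert.pem, GNU date (for date -d), curl, and the webroot and per-domain config paths from the post; the domain list is a placeholder.

```bash
#!/usr/bin/env bash
# letsrenew-check: conditional renewal wrapper (added example, not the post's script).
# Assumed paths (not from the original post): certificates under
# /etc/letsencrypt/live/<fqdn>/cert.pem, the default client layout.
set -u

ldomains=('wiki.k2patel.in' 'www.k2patel.in')   # placeholder list
LETSENCRYPT_HOME="/root/letsencrypt"
LIVE_DIR="/etc/letsencrypt/live"
WEBROOT="/var/www/letsencrypt"
WEBSERVER="nginx"
RENEW_BEFORE_DAYS=30   # certificates last 90 days; renew with a month to spare

# days_left NOT_AFTER_EPOCH NOW_EPOCH -> whole days until expiry (negative if expired)
days_left() {
    echo $(( ($1 - $2) / 86400 ))
}

# needs_renewal NOT_AFTER_EPOCH NOW_EPOCH -> exit 0 if fewer than RENEW_BEFORE_DAYS remain
needs_renewal() {
    [ "$(days_left "$1" "$2")" -lt "$RENEW_BEFORE_DAYS" ]
}

# cert_not_after CERT -> notAfter of the certificate as epoch seconds (needs GNU date)
cert_not_after() {
    local raw
    raw=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || return 1
    date -d "${raw#notAfter=}" +%s
}

# write_challenge_token WEBROOT TOKEN -> creates the token file where the
# webroot authenticator would and prints its path
write_challenge_token() {
    local dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    printf '%s\n' "$2" > "$dir/$2" || return 1
    printf '%s\n' "$dir/$2"
}

# challenge_url FQDN TOKEN -> the URL the CA fetches for an http-01 challenge
challenge_url() {
    printf 'http://%s/.well-known/acme-challenge/%s\n' "$1" "$2"
}

# probe_webroot FQDN -> 0 if a token placed in the webroot is served back over
# plain HTTP; a redirect to https or a 404 here means the real challenge fails too
probe_webroot() {
    local token path url body
    token="preflight-$$-$(date +%s)"
    path=$(write_challenge_token "$WEBROOT" "$token") || return 1
    url=$(challenge_url "$1" "$token")
    body=$(curl -fsS --max-time 10 "$url" 2>/dev/null)
    rm -f "$path"
    [ "$body" = "$token" ]
}

main() {
    local now renewed=0 d exp
    now=$(date +%s)
    for d in "${ldomains[@]}"; do
        # no readable certificate yet -> treat as expired and request one
        exp=$(cert_not_after "$LIVE_DIR/$d/cert.pem") || exp=0
        if ! needs_renewal "$exp" "$now"; then
            echo "$d: $(days_left "$exp" "$now") days left, skipping"
            continue
        fi
        if ! probe_webroot "$d"; then
            echo "$d: challenge path not reachable over http, skipping"
            continue
        fi
        if "$LETSENCRYPT_HOME/letsencrypt-auto" certonly \
              -c "/etc/letsencrypt/config/$d.conf" --renew-by-default; then
            renewed=1
        else
            echo "$d: renewal failed"
        fi
    done
    # reload (not restart) and only when a key/cert actually changed on disk
    if [ "$renewed" -eq 1 ]; then
        systemctl reload "$WEBSERVER" && echo "reloaded $WEBSERVER"
    fi
}

# Only run the renewal when invoked as "letsrenew-check run"; sourcing or
# running the file without arguments just defines the functions.
case "${1:-}" in run) main ;; esac
```

Install it as a daily cron job (for example `0 3 * * * /root/letsrenew-check run`); on most days it does nothing but print the days left, and the expiry check rather than the calendar decides when a renewal is requested.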
