certboting
proc
certbot in action
prerequisites
- check
pip3 list | egrep -i 'pyOpenSSL'
- check
re/new
certboting-funcs.sh
function cbdeal { DEAL=$1 DNS_OPTIONS=$2 /opt/certbot/bin/certbot show_account \ --config-dir conf-${DEAL} --work-dir work-${DEAL} --logs-dir logs-${DEAL} /opt/certbot/bin/certbot certonly --manual \ --config-dir conf-${DEAL} --work-dir work-${DEAL} --logs-dir logs-${DEAL} \ --preferred-challenges dns ${DNS_OPTIONS} tar czvf certpack-${DEAL}.tgz \ -C conf-${DEAL}/live/$(ls -1rt conf-${DEAL}/live/ | tail -n1) \ -h fullchain.pem privkey.pem }
then
source certboting-funcs.sh cbdeal '<account-folder>' '-d example.com -d www.example.com'
copy
scp ./certpack-{pack1,pack2}.tgz ...:.
deploy
function certinstall { Q=$1 tar xvf certpack-${Q}.tgz install -v -o root -g root -m 600 -T privkey.pem /etc/nginx/ssl-private/${Q}-privkey.pem install -v -o root -g root -m 644 -T fullchain.pem /etc/nginx/ssl-certs/${Q}-fullchain.pem rm -v privkey.pem fullchain.pem certpack-${Q}.tgz }
then at the target machine with nginx
certinstall <file-suffix>
certbot setup
https://certbot.eff.org/instructions?ws=other&os=pip
sudo apt update
sudo apt install python3 python3-venv libaugeas0
python3 -m venv /opt/certbot/
/opt/certbot/bin/pip install --upgrade pip
/opt/certbot/bin/pip install certbot