certboting

proc

certbot in action

  1. prerequisites

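    • check that pyOpenSSL is installed: pip3 list | egrep -i 'pyOpenSSL' (if certbot runs from the venv described under "certbot setup", /opt/certbot/bin/pip list is the command that shows that venv's packages)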
  2. re/new

    certboting-funcs.sh
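    function cbdeal {
        # Obtain or renew a certificate with a manual DNS challenge and pack the
        # resulting chain and private key into certpack-<DEAL>.tgz.
        #
        # Arguments:
        #   $1 - DEAL: suffix of the conf-/work-/logs- directories and of the archive
        #   $2 - DNS_OPTIONS: extra certbot options as one string, e.g.
        #        '-d example.com -d www.example.com' (word-split on purpose)
        # Returns:
        #   2 when DEAL is empty, certbot's status when certonly fails, 1 when no
        #   lineage directory exists, otherwise the status of tar/chmod.
        #
        # The archive contains privkey.pem, so it is created owner-only and
        # should be deleted once it has been copied to the target machine.
        local DEAL=$1
        local DNS_OPTIONS=$2
        local lineage='' candidate
        local -a dirs

        if [[ -z "$DEAL" ]]; then
            printf 'usage: cbdeal <account-folder> "<certbot options>"\n' >&2
            return 2
        fi
        dirs=(--config-dir "conf-${DEAL}" --work-dir "work-${DEAL}" --logs-dir "logs-${DEAL}")

        # Informational only: its status is ignored so that a config dir with
        # no account yet does not stop the run (the original did not check it
        # either).
        /opt/certbot/bin/certbot show_account "${dirs[@]}"

        # Stop here when issuance fails; otherwise an older certificate would be
        # packed and shipped as if it were the fresh one.
        # shellcheck disable=SC2086 # DNS_OPTIONS carries several options in one string
        /opt/certbot/bin/certbot certonly --manual \
            "${dirs[@]}" \
            --preferred-challenges dns ${DNS_OPTIONS} || return

        # Pick the most recently modified lineage directory under live/ without
        # parsing ls output; plain files in live/ are skipped.
        for candidate in "conf-${DEAL}/live"/*/; do
            [[ -d "$candidate" ]] || continue
            if [[ -z "$lineage" || "$candidate" -nt "$lineage" ]]; then
                lineage=$candidate
            fi
        done
        if [[ -z "$lineage" ]]; then
            printf 'cbdeal: no certificate directory under conf-%s/live\n' "$DEAL" >&2
            return 1
        fi

        # -h follows the symlinks in live/<name>/ so the archive holds the real
        # PEM files. The subshell keeps the tightened umask from leaking into
        # the caller's shell.
        ( umask 077 && tar czvf "certpack-${DEAL}.tgz" \
            -C "$lineage" \
            -h fullchain.pem privkey.pem ) || return
        # An archive left over from an earlier run keeps its old mode when it is
        # overwritten, so set the mode explicitly as well.
        chmod 600 "certpack-${DEAL}.tgz"
    }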

    then

    # Load cbdeal into the current shell, then call it. $1 selects the
    # conf-/work-/logs- directories and names the certpack- archive; $2 is
    # appended to the certbot command line as extra options.
    source certboting-funcs.sh
    cbdeal '<account-folder>' '-d example.com -d www.example.com'
  3. copy

    # Each certpack-*.tgz holds privkey.pem next to fullchain.pem, so treat the
    # archives as secret material on both machines.
    scp ./certpack-{pack1,pack2}.tgz ...:.
  4. deploy

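    function certinstall {
        # Unpack certpack-<Q>.tgz from the current directory and install the key
        # and chain for nginx.
        #
        # Arguments:
        #   $1 - Q: archive suffix; also the prefix of the installed file names
        # Returns:
        #   2 when Q is empty or contains '/', the failing command's status when
        #   extraction or installation fails, otherwise the status of the final rm.
        #
        # Installs:
        #   /etc/nginx/ssl-private/<Q>-privkey.pem   (root:root, 600)
        #   /etc/nginx/ssl-certs/<Q>-fullchain.pem   (root:root, 644)
        local Q=$1
        local workdir rc=0

        # Q becomes part of paths under /etc/nginx; a '/' would let it point
        # outside the two target directories.
        if [[ -z "$Q" || "$Q" == */* ]]; then
            printf 'usage: certinstall <file-suffix>\n' >&2
            return 2
        fi

        # Extract into a private temporary directory (mktemp -d creates it
        # owner-only) so the key never sits in a shared working directory, and
        # a stale privkey.pem lying around there cannot be installed by mistake.
        workdir=$(mktemp -d) || return 1

        # Only the two expected members are extracted; anything else in the
        # archive is ignored. Each step runs only if the previous one succeeded.
        tar xvf "certpack-${Q}.tgz" -C "$workdir" fullchain.pem privkey.pem \
            && install -v -o root -g root -m 600 -T "$workdir/privkey.pem" \
                "/etc/nginx/ssl-private/${Q}-privkey.pem" \
            && install -v -o root -g root -m 644 -T "$workdir/fullchain.pem" \
                "/etc/nginx/ssl-certs/${Q}-fullchain.pem" \
            || rc=$?

        # Always remove the extracted key material, even after a failure.
        rm -rf -- "${workdir:?}"
        (( rc == 0 )) || return "$rc"

        # The archive is removed only after a successful install, so a failed
        # run can be repeated.
        rm -v -- "certpack-${Q}.tgz"
    }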

    then at the target machine with nginx

    # <file-suffix> is the part of the archive name between "certpack-" and ".tgz".
    # certinstall sets owner root:root and writes under /etc/nginx, so it
    # presumably has to run as root; confirm for the target host.
    certinstall <file-suffix>

certbot setup

https://certbot.eff.org/instructions?ws=other&os=pip

# System packages: Python 3, the venv module and the Augeas library.
sudo apt update
sudo apt install python3 python3-venv libaugeas0
# Dedicated virtual environment for certbot, kept apart from the system Python.
# NOTE(review): the next three commands write under /opt; unless this is a
# root shell they need sudo as well.
python3 -m venv /opt/certbot/
/opt/certbot/bin/pip install --upgrade pip
# Installs the latest certbot release; no version is pinned here.
/opt/certbot/bin/pip install certbot