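# Refresh the package index, then install certbot together with its nginx plugin.
sudo apt update
sudo apt install python3-certbot-nginx
# Edit the nginx server block for the site (replace the placeholder file name).
sudo nano /etc/nginx/sites-available/your_wildcard_name.example.com
sudo apt-get install ufw
# Allow SSH before the firewall is switched on: enabling ufw without this rule
# can cut off the remote session used to configure the machine.
sudo ufw allow OpenSSH
sudo ufw enable
# 'Nginx Full' opens both 80/tcp and 443/tcp, so separate "allow http" and
# "allow https" rules are redundant and are left out.
sudo ufw allow 'Nginx Full'
# Confirm which rules are active.
sudo ufw status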
Your status should now look like this:
Output
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
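# Request the wildcard certificate. The pattern is quoted so the shell cannot
# expand it against file names in the current directory.
# NOTE(review): Let's Encrypt validates wildcard names only through the DNS-01
# challenge, so this request presumably needs a DNS-based authenticator instead
# of --nginx; the -w webroot paths are kept from the original notes -- confirm.
sudo certbot certonly --agree-tos --nginx -d '*.example.com' -w /home/pi/domoticz/www/ -w /var/lib/letsencrypt/

# Generate the 2048-bit Diffie-Hellman parameters first, so the file exists
# before it is appended to the Domoticz bundle below.
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

# Build the combined PEM that Domoticz loads (private key, then certificate chain).
# The bundle contains the private key, so it is written under a restrictive
# umask and forced to mode 0600. '>' replaces the file; the original '>>'
# stacked another copy of the key and chain onto it on every run.
# The redirection is performed by the calling user's shell, so that user owns
# the file -- adjust ownership if Domoticz runs under a different account.
(
  umask 077
  sudo cat /etc/letsencrypt/live/example.com/privkey.pem \
    /etc/letsencrypt/live/example.com/fullchain.pem \
    > /home/pi/domoticz/server_cert.pem
)
sudo chmod 600 /home/pi/domoticz/server_cert.pem

# Keep a copy of the key + chain bundle; it holds the same private key, so it
# gets the same restrictive mode.
sudo cp /home/pi/domoticz/server_cert.pem /home/pi/domoticz/letsencrypt_server_cert.pem
sudo chmod 600 /home/pi/domoticz/letsencrypt_server_cert.pem

# Append the DH parameters exactly once, then restart Domoticz to load the bundle.
sudo cat /etc/ssl/certs/dhparam.pem >> /home/pi/domoticz/server_cert.pem
sudo /etc/init.d/domoticz.sh restart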
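# Open the current user's crontab in an editor and add the entry below.
crontab -e
# Every Friday at 23:00: renew certificates that are due and run the deploy hook
# after a successful renewal. Uses the apt-installed `certbot`, like every other
# command in these notes, instead of the deprecated certbot-auto wrapper.
# The deploy hook runs with root privileges: keep deploy-cert.sh owned by root
# and not writable by other users. Only stdout is discarded; errors still reach
# cron's mail/log.
# NOTE(review): a wildcard certificate cannot be renewed through --webroot
# (HTTP-01); it presumably needs the same DNS-01 setup used to issue it -- confirm.
0 23 * * 5 sudo certbot renew --webroot -w /home/pi/domoticz/www/ --deploy-hook /home/pi/domoticz/scripts/deploy-cert.sh >/dev/null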
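# List the certificates certbot manages, with their domains and expiry dates.
sudo certbot certificates
# This one is working for my system
sudo certbot --nginx
# Alternative: standalone authenticator with the nginx installer. The wildcard
# is quoted so the shell cannot expand it against local file names. The
# standalone authenticator listens on port 80 itself, so nginx has to be
# stopped while it runs.
# NOTE(review): wildcard names are validated only through DNS-01, so the
# '*.example.com' entry presumably fails with this authenticator -- confirm.
sudo certbot --authenticator standalone --installer nginx -d example.com -d '*.example.com'
# Rehearse renewal against the staging environment without replacing any
# certificate on disk. Expiry dates are shown by `certbot certificates` above.
sudo certbot renew --dry-run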
or
# Obtain or re-issue a certificate interactively with the manual plugin.
# `certonly` fetches the certificate but does not install it into nginx.
sudo certbot certonly --manual
or
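# Renew a single certificate by its name, if it is due for renewal.
# `certbot renew` selects the certificate with --cert-name and rejects -d;
# changing the domain list is done with `certonly` instead.
sudo certbot renew --cert-name example.com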
or
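# Re-issue the certificate named example.com for both names. The original was
# missing the space before the second -d, which fused it into the first domain;
# the wildcard is quoted so the shell does not glob it.
# NOTE(review): the wildcard name needs DNS-01 validation, which --nginx
# presumably cannot provide -- confirm.
sudo certbot certonly --cert-name example.com --nginx -d '*.example.com' -d example.com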
or
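# Same request with nginx stopped for the duration, freeing port 80.
# --authenticator needs a plugin name; `standalone` matches the earlier command
# in these notes and is the plugin that requires nginx to be stopped. The
# wildcard is quoted so the shell does not glob it.
# NOTE(review): the hooks are run by certbot as root, and the wildcard name
# presumably still needs DNS-01 validation -- confirm.
sudo certbot --authenticator standalone --installer nginx -d example.com -d '*.example.com' --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"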