projets:fuz:spaceapi [2021-09-10 12:20] – [Resources] metrics.spaceapi.io -> .community Lomanic | projets:fuz:spaceapi [2021-12-05 19:51] – [Deployment] update certbot command & lighttpd conf according to current state Lomanic |
---|
curl localhost:3001 | curl localhost:3001 |
sudo mkdir -p /var/www/fuz.re/spaceapi/site | sudo mkdir -p /var/www/fuz.re/spaceapi/site |
sudo certbot certonly --webroot -w /var/www/fuz.re/spaceapi/site -d spaceapi.fuz.re --deploy-hook 'cat "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/cert.pem" > "$RENEWED_LINEAGE/combined.pem"' --post-hook '/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf && service lighttpd reload' | sudo certbot certonly --webroot -w /var/www/fuz.re/spaceapi/site -d spaceapi.fuz.re --deploy-hook '/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf && service lighttpd reload' |
</code> | </code> |
No need to mess with anything else, certbot is already called every ~12 hours as it was installed from Debian repos https://certbot.eff.org/docs/using.html#automated-renewals and lighttpd is reloaded after successful renewal. This config is persistent in ''/etc/letsencrypt/renewal/spaceapi.fuz.re.conf'' (automatically created by the previous certbot command), [[https://certbot.eff.org/docs/using.html#renewal-config-file|see its doc here]]. | No need to mess with anything else, certbot is already called every ~12 hours (see ''/etc/cron.d/certbot'') as it was installed from Debian repos https://certbot.eff.org/docs/using.html#automated-renewals and lighttpd is reloaded after successful renewal. This config is persistent in ''/etc/letsencrypt/renewal/spaceapi.fuz.re.conf'' (automatically created by the previous certbot command), [[https://certbot.eff.org/docs/using.html#renewal-config-file|see its doc here]]. |
| |
| (To note: the certbot command was originally ''<nowiki>sudo certbot certonly --webroot -w /var/www/fuz.re/spaceapi/site -d spaceapi.fuz.re --deploy-hook 'cat "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/cert.pem" > "$RENEWED_LINEAGE/combined.pem"' --post-hook '/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf && service lighttpd reload'</nowiki>'' but combining certs is not useful anymore in lighttpd, see [[https://github.com/certbot/certbot/issues/94#issuecomment-658217459|certbot/certbot#94]]) |
| |
Corresponding lighttpd vhost config | Corresponding lighttpd vhost config |
ssl.engine = "enable" | ssl.engine = "enable" |
proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3001)) ) | proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3001)) ) |
ssl.ca-file = "/etc/letsencrypt/live/spaceapi.fuz.re/chain.pem" | ssl.pemfile = "/etc/letsencrypt/live/spaceapi.fuz.re/fullchain.pem" |
ssl.pemfile = "/etc/letsencrypt/live/spaceapi.fuz.re/combined.pem" | ssl.privkey = "/etc/letsencrypt/live/spaceapi.fuz.re/privkey.pem" |
} | } |
} | } |
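
Review bot: Missing cleanup step in the certbot part of the Deployment change: a host set up with the earlier command still has ''combined.pem'' in the ''/etc/letsencrypt/live/spaceapi.fuz.re/'' lineage directory. That file is a second copy of the private key, which the new ''--deploy-hook'' no longer refreshes and the new vhost no longer reads, so the page should say to delete it after switching. In the vhost block, ''ssl.ca-file'' pointing at ''chain.pem'' disappears without explanation. The "To note" paragraph only covers the combined file, so add a sentence there saying that ''fullchain.pem'' already carries the intermediate chain.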