finish renewal script

This commit is contained in:
Maarten de Waard 2016-08-23 10:21:16 +02:00
parent fd33a1492f
commit 4bd44ba15e
2 changed files with 37 additions and 29 deletions

View File

@ -223,13 +223,13 @@ together a configuration that works for you.
frontend http-in
# Listen on port 80
bind *:80
bind \*:80
# Listen on port 443
# Uncomment after running certbot for the first time, a certificate
# needs to be installed *before* HAProxy will be able to start when this
# directive is not commented.
#
bind *:443 ssl crt /opt/certbot/haproxy_fullchains/__fallback.pem crt /opt/certbot/haproxy_fullchains
bind \*:443 ssl crt /opt/certbot/haproxy_fullchains/__fallback.pem crt /opt/certbot/haproxy_fullchains
# Forward Certbot verification requests to the certbot-haproxy plugin
acl is_certbot path_beg -i /.well-known/acme-challenge
@ -263,7 +263,7 @@ together a configuration that works for you.
server node3 127.0.0.1:8080 check
server node4 127.0.0.1:8080 check
# If redirection from port 80 to 443 is to be forced, uncomment the next
# line. Keep in mind that the bind *:443 line should be uncommented and a
# line. Keep in mind that the bind \*:443 line should be uncommented and a
# certificate should be present for all domains
redirect scheme https if !{ ssl_fc }
@ -313,6 +313,7 @@ minutes after the server boots, this is done so renewal starts immediately
after the server has been offline for a long time.
.. code:: bash
cat <<EOF > /etc/systemd/system/letsencrypt.timer
[Unit]
Description=Run Let's Encrypt every 12 hours
@ -334,6 +335,7 @@ after the server has been offline for a long time.
[Service]
Type=simple
User=certbot
ExecStart=/usr/bin/certbot renew -q
EOF

View File

@ -198,31 +198,37 @@ bash -c 'echo "vagrant ALL=NOPASSWD: /bin/systemctl restart haproxy"
systemctl restart apache2
systemctl restart haproxy
#cat <<EOF > /etc/systemd/system/letsencrypt.timer
#[Unit]
#Description=Run Let's Encrypt every 12 hours
#
#[Timer]
## Time to wait after booting before we run first time
#OnBootSec=2min
## Time between running each consecutive time
#OnUnitActiveSec=12h
#Unit=letsencrypt.service
#
#[Install]
#WantedBy=timers.target
#EOF
#
#cat <<EOF > /etc/systemd/system/letsencrypt.service
#[Unit]
#Description=Renew Let's Encrypt Certificates
#
#[Service]
#Type=simple
#ExecStart=/usr/bin/certbot renew -q
#EOF
#
#systemctl enable letsencrypt.timer
#systemctl start letsencrypt.timer
# Scripts that run certificate renewal for all certificates every 12 hours. Only
# certificates that are due are renewed.
cat <<EOF > /etc/systemd/system/letsencrypt.service
[Unit]
Description=Renew Let's Encrypt Certificates
[Service]
Type=simple
User=vagrant
ExecStart=/usr/bin/certbot renew -q
EOF
cat <<EOF > /etc/systemd/system/letsencrypt.timer
[Unit]
Description=Run Let's Encrypt every 12 hours
[Timer]
# Time to wait after booting before we run first time
OnBootSec=2min
# Time between running each consecutive time
OnUnitActiveSec=12h
Unit=letsencrypt.service
[Install]
WantedBy=timers.target
EOF
# Reload for when there were already other scripts in place.
systemctl daemon-reload
# Enable and start the timer, which runs the service.
systemctl enable letsencrypt.timer
systemctl start letsencrypt.timer
echo "Provisioning completed."