finish renewal script
parent
fd33a1492f
commit
4bd44ba15e
|
@ -223,13 +223,13 @@ together a configuration that works for you.
|
|||
|
||||
frontend http-in
|
||||
# Listen on port 80
|
||||
bind *:80
|
||||
bind \*:80
|
||||
# Listen on port 443
|
||||
# Uncomment after running certbot for the first time, a certificate
|
||||
# needs to be installed *before* HAProxy will be able to start when this
|
||||
# directive is not commented.
|
||||
#
|
||||
bind *:443 ssl crt /opt/certbot/haproxy_fullchains/__fallback.pem crt /opt/certbot/haproxy_fullchains
|
||||
bind \*:443 ssl crt /opt/certbot/haproxy_fullchains/__fallback.pem crt /opt/certbot/haproxy_fullchains
|
||||
|
||||
# Forward Certbot verification requests to the certbot-haproxy plugin
|
||||
acl is_certbot path_beg -i /.well-known/acme-challenge
|
||||
|
@ -263,7 +263,7 @@ together a configuration that works for you.
|
|||
server node3 127.0.0.1:8080 check
|
||||
server node4 127.0.0.1:8080 check
|
||||
# If redirection from port 80 to 443 is to be forced, uncomment the next
|
||||
# line. Keep in mind that the bind *:443 line should be uncommented and a
|
||||
# line. Keep in mind that the bind \*:443 line should be uncommented and a
|
||||
# certificate should be present for all domains
|
||||
redirect scheme https if !{ ssl_fc }
|
||||
|
||||
|
@ -313,6 +313,7 @@ minutes after the server boots, this is done so renewal starts immediately
|
|||
after the server has been offline for a long time.
|
||||
|
||||
.. code:: bash
|
||||
|
||||
cat <<EOF > /etc/systemd/system/letsencrypt.timer
|
||||
[Unit]
|
||||
Description=Run Let's Encrypt every 12 hours
|
||||
|
@ -334,6 +335,7 @@ after the server has been offline for a long time.
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=certbot
|
||||
ExecStart=/usr/bin/certbot renew -q
|
||||
EOF
|
||||
|
||||
|
|
|
@ -198,31 +198,37 @@ bash -c 'echo "vagrant ALL=NOPASSWD: /bin/systemctl restart haproxy"
|
|||
systemctl restart apache2
|
||||
systemctl restart haproxy
|
||||
|
||||
#cat <<EOF > /etc/systemd/system/letsencrypt.timer
|
||||
#[Unit]
|
||||
#Description=Run Let's Encrypt every 12 hours
|
||||
#
|
||||
#[Timer]
|
||||
## Time to wait after booting before we run first time
|
||||
#OnBootSec=2min
|
||||
## Time between running each consecutive time
|
||||
#OnUnitActiveSec=12h
|
||||
#Unit=letsencrypt.service
|
||||
#
|
||||
#[Install]
|
||||
#WantedBy=timers.target
|
||||
#EOF
|
||||
#
|
||||
#cat <<EOF > /etc/systemd/system/letsencrypt.service
|
||||
#[Unit]
|
||||
#Description=Renew Let's Encrypt Certificates
|
||||
#
|
||||
#[Service]
|
||||
#Type=simple
|
||||
#ExecStart=/usr/bin/certbot renew -q
|
||||
#EOF
|
||||
#
|
||||
#systemctl enable letsencrypt.timer
|
||||
#systemctl start letsencrypt.timer
|
||||
# Scripts that run certificate renewal for all certificates every 12 hours. Only
|
||||
# certificates that are due are renewed.
|
||||
cat <<EOF > /etc/systemd/system/letsencrypt.service
|
||||
[Unit]
|
||||
Description=Renew Let's Encrypt Certificates
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=vagrant
|
||||
ExecStart=/usr/bin/certbot renew -q
|
||||
EOF
|
||||
|
||||
cat <<EOF > /etc/systemd/system/letsencrypt.timer
|
||||
[Unit]
|
||||
Description=Run Let's Encrypt every 12 hours
|
||||
|
||||
[Timer]
|
||||
# Time to wait after booting before we run first time
|
||||
OnBootSec=2min
|
||||
# Time between running each consecutive time
|
||||
OnUnitActiveSec=12h
|
||||
Unit=letsencrypt.service
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
||||
EOF
|
||||
|
||||
# Reload for when there were already other scripts in place.
|
||||
systemctl daemon-reload
|
||||
# Enable and start the timer, which runs the service.
|
||||
systemctl enable letsencrypt.timer
|
||||
systemctl start letsencrypt.timer
|
||||
|
||||
echo "Provisioning completed."
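Review bot: The new `letsencrypt.service` unit runs `certbot renew -q` as `User=vagrant`, while the README section of this same commit documents `User=certbot`, and nothing in this hunk shows that the vagrant account can write certbot's configuration, work and log directories or the HAProxy fullchain directory. If it cannot, the timer fails every 12 hours and the failure is visible only in the journal, so certificates in the test box would quietly run toward expiry. I would add a comment above the service heredoc, such as `# Runs as vagrant: the NOPASSWD rule above lets this user restart haproxy; certbot's directories must be writable by vagrant`, assuming that is the intent. Quoting the delimiter (`cat <<'EOF' > /etc/systemd/system/letsencrypt.service`, and the same for the timer) would also keep the shell from expanding any `$` or backtick later added to the unit text. The provisioning script begins outside this hunk, so ownership may already be set earlier.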
|
||||
|
|