Skip to main content
Topic: lets encrypt certbot (Read 584 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

lets encrypt certbot

anyone using certbot for letsencrypt from the EFF with manual install?

Re: lets encrypt certbot

Reply #1
I do for my self host but in standalone mode, temporarily moving the forward for 80 and 443 to the pc i'm running it on for it to pass.
A botch job but afaik it's the only way that does not require immense verbosity in order to get a cert from let's encrypt. (there used to be that acme automated thing but completely broken last time i tried it)

Re: lets encrypt certbot

Reply #2
I use letsencrypt with nginx for my home website. I have a daily cron job.  I use dynu.com to provide me with a fixed domain name. LE uses dns checks to verify the domain so I have to set up Dynu_ClientId & Dynu_Secret. I have only one website *****.org, and set up initially using standard acme.sh command.

Cron
Code: [Select]
/srv/nginx/etc_nginx/certs/acme.sh/xacme.sh --cron

The xacme.sh just sets up  my standard environment and then runs the original script ie

xacme.sh
Code: [Select]
#!/bin/bash
export USER_PATH='/opt/vc/bin:........'
export LE_WORKING_DIR="/srv/nginx/certs/acme.sh"
export LE_CONFIG_HOME="/srv/nginx/certs/acme.sh/data"
export CERT_HOME="/srv/nginx/certs/acme.sh/certs"
export ACCOUNT_EMAIL='*****@gmail.com'
export Dynu_ClientId="***************************"
export Dynu_Secret="*******************************"

exec $LE_WORKING_DIR/acme.sh "$@"

Normally nothing needs to be done. When the cert gets old it updates. The nginx server is restarted every day so will pick up the new cert almost immediately.

Re: lets encrypt certbot

Reply #3
Quote from: Hitman – on
I do for my self host but in standalone mode, temporarily moving the forward for 80 and 443 to the pc i'm running it on for it to pass.
A botch job but afaik it's the only way that does not require immense verbosity in order to get a cert from let's encrypt. (there used to be that acme automated thing but completely broken last time i tried it)


i fail to understand

Re: lets encrypt certbot

Reply #4
Quote from: replabrobin – on
I use letsencrypt with nginx for my home website. I have a daily cron job.  I use dynu.com to provide me with a fixed domain name. LE uses dns checks to verify the domain so I have to set up Dynu_ClientId & Dynu_Secret. I have only one website *****.org, and set up initially using standard acme.sh command.

Cron
Code: [Select]
/srv/nginx/etc_nginx/certs/acme.sh/xacme.sh --cron

The xacme.sh just sets up  my standard environment and then runs the original script ie

xacme.sh
Code: [Select]
#!/bin/bash
export USER_PATH='/opt/vc/bin:........'
export LE_WORKING_DIR="/srv/nginx/certs/acme.sh"
export LE_CONFIG_HOME="/srv/nginx/certs/acme.sh/data"
export CERT_HOME="/srv/nginx/certs/acme.sh/certs"
export ACCOUNT_EMAIL='*****@gmail.com'
export Dynu_ClientId="***************************"
export Dynu_Secret="*******************************"

exec $LE_WORKING_DIR/acme.sh "$@"

Normally nothing needs to be done. When the cert gets old it updates. The nginx server is restarted every day so will pick up the new cert almost immediately.


I do my own DNS and so forth.   I was considering doing it manually

Re: lets encrypt certbot

Reply #5
Quote from: mrbrklyn – on
i fail to understand
I only assumed you do not have any special use case and just running --standalone will suffice for the simplest setup possible, my address is a isp provided ddns for instance.
By doing your own dns you mean you have a 'named' server of some sort?

Re: lets encrypt certbot

Reply #6
Quote from: Hitman – on
Quote from: mrbrklyn – on
i fail to understand
I only assumed you do not have any special use case and just running --standalone will suffice for the simplest setup possible, my address is a isp provided ddns for instance.
By doing your own dns you mean you have a 'named' server of some sort?

Sure, - why use anyone elses?  I have a box - and a IP address...  I am SOA for my domains.