
certbot

This is an old revision of the document!


certbot

Install in Stretch

For Debian 9 (Stretch):

# Add the stretch-backports repository once; an existing list file is left untouched.
# Run as root. The repository line uses plain http; package integrity comes from
# apt's signature check on the repository metadata, not from the transport.
if [ ! -f /etc/apt/sources.list.d/stretch-backports.list ]; then
  cat > /etc/apt/sources.list.d/stretch-backports.list <<'END'
# https://backports.debian.org/Instructions/
deb http://deb.debian.org/debian stretch-backports main
END
fi

# Refresh the package index, then pull certbot and its Apache plugin from backports.
apt update
apt install -t stretch-backports certbot python-certbot-apache

Configs

Postfix main.cf

# Private key for the SMTP server certificate; it sits under /etc/ssl/private,
# which should stay unreadable to unprivileged users.
smtpd_tls_key_file  = /etc/ssl/private/HOST.EXAMPLE.COM.key
# Going by the file name, presumably the server certificate followed by its
# intermediates, so clients can build the chain; verify the file's contents.
# NOTE(review): these are not certbot's default paths (/etc/letsencrypt/live/<domain>/);
# the page does not show how the files get here, so confirm they are refreshed on renewal.
smtpd_tls_cert_file = /etc/ssl/fullchain.cer

Proftpd tls.conf

# Server (leaf) certificate and the RSA private key that belongs to it.
TLSRSACertificateFile		/etc/ssl/HOST.EXAMPLE.COM.cer
TLSRSACertificateKeyFile	/etc/ssl/private/HOST.EXAMPLE.COM.key
# NOTE(review): in mod_tls, TLSCACertificateFile lists the CAs trusted when verifying
# *client* certificates; the directive for sending the server's intermediate chain is
# TLSCertificateChainFile. If client verification is ever enabled, pointing this at the
# full chain would trust every certificate issued under it. Confirm which was intended.
TLSCACertificateFile		/etc/ssl/fullchain.cer

Dovecot conf.d/10-ssl.conf

# The leading "<" tells Dovecot to read the setting's value from the named file
# instead of using the path string itself as the value.
ssl_cert = </etc/ssl/fullchain.cer
# Private key; keep the file readable by root only.
ssl_key  = </etc/ssl/private/HOST.EXAMPLE.COM.key

Postgresql 9.6/main/postgresql.conf

# NOTE(review): this points at the leaf certificate, not the fullchain.cer used by the
# other services on this page; clients that verify the server may need the
# intermediates appended. Confirm.
ssl_cert_file = '/etc/ssl/HOST.EXAMPLE.COM.cer'		# (change requires restart)
# The key sits inside the data directory rather than /etc/ssl/private, presumably as a
# copy owned by the postgres user. PostgreSQL refuses a key file that group or world
# can access, and a copy has to be replaced after every renewal.
ssl_key_file  = '/docs/pg_data/9.6/main/server.key'		# (change requires restart)

Use cron instead of systemd timers

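# List every timer, including inactive ones, to check the state of certbot.timer.
systemctl --all list-timers

# Stop the packaged timer, disable it at boot, and mask it so it cannot be started again.
systemctl stop    certbot.timer
systemctl disable certbot.timer
systemctl mask    certbot.timer

# Random minute, hour and day of week (bash $RANDOM), presumably to spread renewal
# runs across hosts. The resulting job fires once a week.
m=$(( RANDOM % 60 )); h=$(( RANDOM % 24 )); d=$(( RANDOM % 7 ))

# Append the job only if it is not already present; running the snippet a second
# time would otherwise add a duplicate entry to /etc/crontab.
if ! grep -qF '/usr/bin/certbot -q renew' /etc/crontab; then
  echo "## Let's Encrypt SSL certificate renewal with certbot" | tee -a /etc/crontab
  echo "$m $h * * $d root /usr/bin/certbot -q renew"           | tee -a /etc/crontab
fi
# NOTE(review): nothing here reloads Postfix, ProFTPD, Dovecot or PostgreSQL after a
# renewal, so they keep serving the old certificate until restarted. Consider a
# certbot --deploy-hook that reloads them.

# dom=$(( 1+ RANDOM % 31 )) mon=$(( 1+ RANDOM % 12 ))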
/docs/dokuwiki/data/attic/certbot.1569842721.txt.gz · Last modified: 2019-09-30 13:25:21 by mi