
certbot-dns-cloudflare's Introduction

Use Certbot from the EPEL package to obtain SSL certificates and renew them automatically without HTTP verification (the ACME token is verified via DNS).

deprecated

TL;DR

  1. Install Certbot.
  2. Getting certificates.
  3. Variable setting.
  4. Register Service and Timer.
  5. Activate.

Prerequisites

  • Run all commands as "root" or as a user listed in "wheel".
  • The EPEL repository must be enabled.

1. Install Certbot

# yum install -y certbot

2. Getting certificates

# certbot certonly --preferred-challenges dns-01 --authenticator manual --domain _type.your.domain.here_

3. Variable setting

sed -i -e 's/^CERTBOT_ARGS=/#\0/' /etc/sysconfig/certbot
sed -i -e 's/^PRE_HOOK=/#\0/' /etc/sysconfig/certbot
sed -i -e 's/^RENEW_HOOK=/#\0/' /etc/sysconfig/certbot
sed -i -e 's/^POST_HOOK=/#\0/' /etc/sysconfig/certbot

cat << _EOT_ >> /etc/sysconfig/certbot

CLOUDFLARE_AUTH_KEY=_cloudflare.api.key.of.your.site_
CLOUDFLARE_AUTH_EMAIL=_email.address.associated.with.your.cloudflare.account_
CERTBOT_ARGS="--manual --preferred-challenges=dns --manual-auth-hook _/path/to/certbot-dns-cloudflare/_authenticator.sh --manual-cleanup-hook _/path/to/certbot-dns-cloudflare/_cleanup.sh -d _your.domain.here_ --agree-tos --keep-until-expiring --manual-public-ip-logging-ok"

PRE_HOOK=""
RENEW_HOOK=""
# Add a post hook.
# e.g. to restart httpd after renewal, set: POST_HOOK="--post-hook 'systemctl restart httpd'".
POST_HOOK="--post-hook 'systemctl restart httpd'"

# e.g. to overwrite the PostgreSQL TLS files, set: POST_HOOK="--post-hook '_/path/to/certbot-dns-cloudflare/_postgresql.sh'".
#POST_HOOK="--post-hook '_/path/to/certbot-dns-cloudflare/_postgresql.sh'"
#PGDATA=_/path/to/postgres/x.x/_/data
#PG_SERVICE=_service.name.of.postgresql-x.x_

_EOT_
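
Step 3 appends the Cloudflare API key to /etc/sysconfig/certbot with ">>", which leaves whatever mode the file already had. The following is an added example, not part of the original project: it checks that the file holding CLOUDFLARE_AUTH_KEY is accessible only to its owner and tightens it if not. The function names are hypothetical and GNU stat (coreutils) is assumed.

```shell
#!/bin/sh
# Added example (not from the original project): audit the permissions of the
# environment file that stores CLOUDFLARE_AUTH_KEY.
# Assumption: GNU stat from coreutils, as found on EPEL-based hosts.

# audit_env_file FILE [EXPECTED_UID]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_env_file() {
    local file="$1" want_uid="${2:-0}" mode uid rc=0
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, not a regular file, or a symlink"
        return 1
    fi
    if ! grep -q '^CLOUDFLARE_AUTH_KEY=' "$file"; then
        echo "INFO: no CLOUDFLARE_AUTH_KEY assignment in $file"
    fi
    mode=$(stat -c '%a' -- "$file")
    uid=$(stat -c '%u' -- "$file")
    # Any group/other bit lets local accounts read (or change) the API key.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode grants group/other access"
        rc=1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid $uid, expected $want_uid"
        rc=1
    fi
    return "$rc"
}

# harden_env_file FILE [EXPECTED_UID]
# Restricts FILE to owner read/write, then re-runs the audit.
harden_env_file() {
    chmod 600 -- "$1" && audit_env_file "$1" "${2:-0}"
}
```

As root, call audit_env_file /etc/sysconfig/certbot after step 3, and harden_env_file on the same path if it reports a mode finding. The systemd service reads the file as root, so owner-only access does not affect renewal.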

4. Register Service and Timer

cat << _EOT_ >> /usr/lib/systemd/system/certbot-certonly.service
[Unit]
Description=This service automatically renews any certbot certificates found

[Service]
EnvironmentFile=/etc/sysconfig/certbot
Type=oneshot
ExecStart=/usr/bin/certbot certonly \$PRE_HOOK \$POST_HOOK \$RENEW_HOOK \$CERTBOT_ARGS

_EOT_

cat << _EOT_ >> /usr/lib/systemd/system/certbot-certonly.timer
[Unit]
Description=This is the timer to set the schedule for automated renewals

[Timer]
OnCalendar=daily
RandomizedDelaySec=6hours
Persistent=true

[Install]
WantedBy=timers.target

_EOT_

5. Activate

systemctl enable certbot-certonly.service && \
systemctl start certbot-certonly.timer && \
systemctl enable certbot-certonly.timer
