muerwre/muerwre.github.io
1
0
Fork 0
mirror of https://github.com/muerwre/muerwre.github.io.git synced 2025-04-25 02:46:39 +07:00
Code Issues Projects Releases Packages Wiki Activity Actions
muerwre.github.io/content/Linux/Certbot well-known auto renew.md
Fedor Katurov dc01ec2861 wrote article on cert renewal
2024-03-06 18:14:59 +07:00

1,022 B
Raw Blame History

This is translation of article from clsv.ru, which explains how to automate certbot's well-known, also known as HTTP challenge for wildcard certs renewal.

You'll need 4 scripts:

  1. Authentication script, which will write authentication file:
#!/bin/bash
echo $CERTBOT_VALIDATION > /var/www/html/.well-known/$CERTBOT_TOKEN
  1. Cleanup script, that will delete that
#!/bin/bash
rm -f /var/www/html/.well-known/$CERTBOT_TOKEN
  1. Initial cert acquiring script:
certbot certonly \
  --preferred-challenges=http --manual \
  --manual-auth-hook /path/to/auth.sh \
  --manual-cleanup-hook /oath/to/clean.sh 
  -d "vault48.org,*.vault48.org" \
  --manual-public-ip-logging-ok
  1. Renewal script itself to put it in crontab
certbot renew --manual-public-ip-logging-ok \
  --manual-auth-hook /path/to/auth.sh \
  --manual-cleanup-hook /path/to/clean.sh

Don't forget to configure your http server to serve .well-known.