Letsencrypt: Difference between revisions
From DWIKI
m →HOWTO Tag: wikieditor |
m →HOWTO Tag: wikieditor |
||
| Line 25: | Line 25: | ||
== Restart service after renewal == | == Restart service after renewal == | ||
In '''etc/letsencrypt/renewal''' under '''[renewalparams]''' add | In '''etc/letsencrypt/renewal/example.com.conf''' under '''[renewalparams]''' add | ||
renew_hook = systemctl reload dovecot | renew_hook = systemctl reload dovecot | ||
Revision as of 09:06, 25 February 2025
Free SSL certificates
Links
HOWTO
Disable auto renewal
Rename renewal file'
/etc/letsencrypt/renewal/example.com.conf.disabled
or in /etc/letsencrypt/renewal/example.com.conf under [renewalparams] add:
autorenew = False
Update cert(s)
certbot
Remove certs/domain
certbot delete --cert-name www.example.com
Restart service after renewal
In etc/letsencrypt/renewal/example.com.conf under [renewalparams] add
renew_hook = systemctl reload dovecot
With and without www
certbot --apache -d example.com -d www.example.com
Allow access to non-root user
setfacl -R -m u:someuser:rX /etc/letsencrypt/{live,archive}/example.org, and then
setfacl -m u:someuser:rX /etc/letsencrypt/{live,archive}
FAQ
Certbot Error messages
This website does not supply ownership information.
sod that
archive directory exists
Maybe you're using SNI, try
certbot --apache -d "www.example.com,example"
Failed to parse: https://acme-v02.api.letsencrypt.org/directory
Most likely your system is using an old urllib3, which relies on python3-six. If Ubuntu: switch to Certbot using snap
