Friday 20 December 2019

domoticz letsencrypt certbot auto renew

Install the certificate:

cd ~
mkdir certbot
cd certbot/
wget https://dl.eff.org/certbot-auto
sudo chown root ./certbot-auto
sudo chmod 0755 ./certbot-auto
sudo ./certbot-auto certonly --standalone -d w4v3.com
ls -a ~/domoticz/
sudo rm ~/domoticz/server_cert.pem
sudo cat /etc/letsencrypt/live/YOURDOMAIN.COM/privkey.pem >> ~/domoticz/server_cert.pem
sudo cat /etc/letsencrypt/live/YOURDOMAIN.COM/fullchain.pem >> ~/domoticz/server_cert.pem
sudo cp ~/domoticz/server_cert.pem ~/domoticz/domo_server_cert.pem
cd ..
cd domoticz/
sudo /etc/init.d/domoticz.sh restart


Wait 20s, then check your server status in a browser: https://www.digicert.com/help/

Now set up auto-renewal:

cd ..
cd certbot/
nano cert-domoticz-update.sh

#!/bin/bash
/home/pi/certbot/certbot-auto renew
rm /home/pi/domoticz/server_cert.pem
rm /home/pi/domoticz/domo_server_cert.pem
cat /etc/letsencrypt/live/YOURDOMAIN.COM/privkey.pem >> /home/pi/domoticz/domo_server_cert.pem
cat /etc/letsencrypt/live/YOURDOMAIN.COM/fullchain.pem >> /home/pi/domoticz/domo_server_cert.pem
cp /home/pi/domoticz/domo_server_cert.pem /home/pi/domoticz/server_cert.pem
/etc/init.d/domoticz.sh restart


I use dietpi so home is /home/dietpi instead of /home/pi

Use cron to renew the certificate every day:

sudo chown root cert-domoticz-update.sh
sudo chmod 0755 cert-domoticz-update.sh


Place the script without extension in /etc/cron.daily

sudo cp /home/pi/certbot/cert-domoticz-update.sh /etc/cron.daily/certDomoticzUpdate

Then verify cron status:

sudo run-parts --test /etc/cron.daily/


The script must appear in the list:


/etc/cron.daily/apt-compat
/etc/cron.daily/apt-show-versions
/etc/cron.daily/dietpi
/etc/cron.daily/dpkg
/etc/cron.daily/lighttpd
/etc/cron.daily/certDomoticzUpdate
/etc/cron.daily/passwd
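
The daily script above rebuilds the bundle and restarts Domoticz on every run, and the combined file contains the private key. As an added example (not the original post's script), here is a certbot deploy hook that runs only after a successful renewal, writes the bundle with mode 0600 and swaps it in with a single rename. The paths and restart command come from the post; `build_combined_pem`, `DOMOTICZ_DIR` and the choice of file owner are assumptions.

```shell
#!/bin/bash
# Added example: certbot deploy hook for Domoticz (not the original post's script).
# certbot exports RENEWED_LINEAGE=/etc/letsencrypt/live/<domain> to deploy hooks.
# Assumed names: DOMOTICZ_DIR and build_combined_pem are introduced here.
DOMOTICZ_DIR="${DOMOTICZ_DIR:-/home/pi/domoticz}"

# build_combined_pem LIVE_DIR OUT_FILE
# Writes privkey.pem followed by fullchain.pem to OUT_FILE with mode 0600,
# replacing the old file in one rename so Domoticz never reads a partial bundle.
build_combined_pem() {
    local live_dir out_file dest_dir tmp owner
    live_dir="$1"
    out_file="$2"
    # Refuse to continue if either input is missing or empty.
    [ -s "$live_dir/privkey.pem" ] || { echo "missing privkey.pem" >&2; return 1; }
    [ -s "$live_dir/fullchain.pem" ] || { echo "missing fullchain.pem" >&2; return 1; }
    # Temp file in the destination directory, so mv is a same-filesystem rename.
    dest_dir="$(dirname "$out_file")"
    tmp="$(mktemp "$dest_dir/.cert.XXXXXX")" || return 1
    # The hook runs as root; give the file to the owner of the Domoticz
    # directory (assumed to be the account Domoticz runs as) before writing.
    owner="$(ls -ld "$dest_dir" | awk '{print $3 ":" $4}')"
    if chmod 600 "$tmp" && chown "$owner" "$tmp" &&
       cat "$live_dir/privkey.pem" "$live_dir/fullchain.pem" > "$tmp"; then
        mv -f "$tmp" "$out_file"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Run only when certbot invokes this file as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    for name in server_cert.pem domo_server_cert.pem; do
        build_combined_pem "$RENEWED_LINEAGE" "$DOMOTICZ_DIR/$name" || exit 1
    done
    /etc/init.d/domoticz.sh restart
fi
```

Saved as an executable file in /etc/letsencrypt/renewal-hooks/deploy/, it is run by `certbot-auto renew` after each certificate that was actually renewed, so the cron job only needs to call the renew command.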
