Changes

From SME Server
Jump to navigationJump to search
1,204 bytes added ,  15:50, 17 December 2015
m
→‎Generate the certificate on the SME Server: Add example to automate copying cert files to private server
Line 158: Line 158:     
The Letsencrypt client will run and place the certificate files in /etc/letsencrypt/live/privateserver.yourdomain.tld/ on your SME Server.  You can then copy them to your internal server and install them using whatever mechanism that server provides.  This will not alter the configuration of your SME Server.
 
The Letsencrypt client will run and place the certificate files in /etc/letsencrypt/live/privateserver.yourdomain.tld/ on your SME Server.  You can then copy them to your internal server and install them using whatever mechanism that server provides.  This will not alter the configuration of your SME Server.
 +
 +
Once the certificate files are created, installing them on the internal server can be automated.  One possible way to do this is to first ensure that the root user on your SME server has an [[SSH Public-Private Keys|SSH public key]] generated, that key does not have a passphrase assigned, and that key is trusted by the root user on your internal server.  Then, you can add the following to your renewal script:
 +
 +
/opt/letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot \
 +
  --webroot-path /home/e-smith/files/primary/html --email admin@yourdomain.tld \
 +
  -d privateserver.yourdomain.tld
 +
 +
export CERTDIR="/etc/letsencrypt/live/privateserver.yourdomain.tld"
 +
scp $CERTDIR/cert.pem root@privateserver:/etc/pki/tls/certs/privateserver.yourdomain.tld.crt
 +
scp $CERTDIR/privkey.pem root@privateserver:/etc/pki/tls/private/privateserver.yourdomain.tld.key
 +
scp $CERTDIR/chain.pem root@privateserver:/etc/pki/tls/certs/server-chain.crt
 +
ssh root@privateserver /sbin/service httpd restart
 +
 +
You will, of course, need to modify the paths on the internal server to be consistent with where that server expects the certificate files to be; the paths above are applicable to a CentOS-based server.
    
=== Generate the certificate on the internal server ===
 
=== Generate the certificate on the internal server ===
147

edits

Navigation menu