3,704
edits
Changes
From SME Server
Jump to navigationJump to search
mLine 143:
Line 143: − + − + − + − + − +
→Renewal of the certificates: Letsencrypt.sh -> dehydrated
As part of the security of Letsencrypt the certificates must be renewed every 3 months. The process will differ depending on whether you're using the official client or letsencrypt.sh.
As part of the security of Letsencrypt the certificates must be renewed every 3 months. The process will differ depending on whether you're using the official client or letsencrypt.sh.
=== Using Letsencrypt.sh ===
=== Using Dehydrated ===
When run, the Letsencrypt.sh script will check your existing certificate to see how long it's valid. If it has less than 30 days' lifetime remaining (by default; this can be changed by setting RENEW_DAYS in config to something other than 30), the script will renew your certificates. If more than 30 days remain, the script will exit without further action. All that's necessary is to run letsencrypt.sh daily:
When run, the dehydrated script will check your existing certificate to see how long it's valid. If it has less than 30 days' lifetime remaining (by default; this can be changed by setting RENEW_DAYS in config to something other than 30), the script will renew your certificates. If more than 30 days remain, the script will exit without further action. All that's necessary is to run dehydrated daily:
nano -w /etc/cron.daily/call-letsencrypt.sh
nano -w /etc/cron.daily/call-dehydrated
Enter the following in this file:
Enter the following in this file:
#!/bin/bash
#!/bin/bash
/usr/local/bin/letsencrypt.sh -c
/usr/local/bin/dehydrated -c
Ctrl-X to exit, Y to save. Then make it executable:
Ctrl-X to exit, Y to save. Then make it executable:
chmod +x /etc/cron.daily/call-letsencrypt.sh
chmod +x /etc/cron.daily/call-dehydrated
== Backup ==
== Backup ==
