Changes

1,204 bytes added ,  16:50, 17 December 2015
m
→‎Generate the certificate on the SME Server: Add example to automate copying cert files to private server
Line 158: Line 158:     
The Letsencrypt client will run and place the certificate files in /etc/letsencrypt/live/privateserver.yourdomain.tld/ on your SME Server.  You can then copy them to your internal server and install them using whatever mechanism that server provides.  This will not alter the configuration of your SME Server.
 
The Letsencrypt client will run and place the certificate files in /etc/letsencrypt/live/privateserver.yourdomain.tld/ on your SME Server.  You can then copy them to your internal server and install them using whatever mechanism that server provides.  This will not alter the configuration of your SME Server.
 +
 +
Once the certificate files are created, installing them on the internal server can be automated.  One possible way to do this is to first ensure that the root user on your SME server has an [[SSH Public-Private Keys|SSH public key]] generated, that key does not have a passphrase assigned, and that key is trusted by the root user on your internal server.  Then, you can add the following to your renewal script:
 +
 +
/opt/letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot \
 +
  --webroot-path /home/e-smith/files/primary/html --email admin@yourdomain.tld \
 +
  -d privateserver.yourdomain.tld
 +
 +
export CERTDIR="/etc/letsencrypt/live/privateserver.yourdomain.tld"
 +
scp $CERTDIR/cert.pem root@privateserver:/etc/pki/tls/certs/privateserver.yourdomain.tld.crt
 +
scp $CERTDIR/privkey.pem root@privateserver:/etc/pki/tls/private/privateserver.yourdomain.tld.key
 +
scp $CERTDIR/chain.pem root@privateserver:/etc/pki/tls/certs/server-chain.crt
 +
ssh root@privateserver /sbin/service httpd restart
 +
 +
You will, of course, need to modify the paths on the internal server to be consistent with where that server expects the certificate files to be; the paths above are applicable to a CentOS-based server.
    
=== Generate the certificate on the internal server ===
 
=== Generate the certificate on the internal server ===
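Review bot: The added renewal script has no error handling between the `letsencrypt-auto certonly` call and the final `ssh root@privateserver /sbin/service httpd restart` line, so a failed renewal or a failed `scp` still ends with httpd being restarted, possibly on a certificate and key that no longer match. Suggest `set -e` at the top of the script or chaining the steps with `&&`, and quoting `"$CERTDIR"` in the three `scp` lines. The introductory paragraph also asks for a passphrase-less root key trusted by root on the internal server; it should say that this key ought to be limited on the internal server, for example with `from=` and `command=` options in `authorized_keys`, because anyone who obtains the key otherwise gets an unrestricted root login there. Nothing in the script sets the mode of the copied `privateserver.yourdomain.tld.key` file, so the text should also tell the reader to confirm it is readable only by root.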