How to automatically detect and update the certificate issued by let's encrypt through getssl

by Devin Yang
(This article was automatically translated.)

Published - 7 years ago ( Updated - 7 years ago )

foreword

It's really great that let's encrypt provides free certificates. However, is it a bit troublesome to update the certificate every three months?
This article introduces how to use getssl to generate SAN certificate settings for multiple domain names, and put them into a schedule for automatic certificate renewal.
It's very simple, just six steps to get it done.

Note: In the following process, I use non-root permissions to set, if you need to use root to restart your nginx host,
 Please adjust the user you installed, or the restart command of the web server.

step

1. Download gessl through git and save it as scripts.
git clone https://github.com/srvrco/getssl scripts

2. For the first use, execute the following command
cd scripts
./getssl -c ccc.tc

Please replace the above name ccc.tc with your own domain name .
It will create a .getssl folder and a ccc.tc directory in your home directory
creating main config file /home/devin_yang/.getssl/getssl.cfg
Making domain directory - /home/devin_yang/.getssl/ccc.tc
creating domain config file in /home/devin_yang/.getssl/ccc.tc/getssl.cfg

3. Use vim to edit the settings, and simply copy the path displayed in the second step.
vim /home/devin_yang/.getssl/ccc.tc/getssl.cfg

4. The following getssl.cfg settings are for reference only, please adjust according to your actual host directory and certificate folder. 
#選取發送憑證的主機
CA="https://acme-v01.api.letsencrypt.org"
# additional domain names
SANS="www.ccc.tc, devin.ccc.tc, mail.ccc.tc"

#Set the ACME path, because I installed it in the dlaravel environment, and ccc is my project directory.
#Remember to create this directory under public.well-known/acme-challenge
ACL=('/home/devin_yang/dlaravel/sites/ccc/public/.well-known/acme-challenge')
USE_SINGLE_ACL="true"

# Set the credential path
CA_CERT_LOCATION="/home/devin_yang/dlaravel/etc/ssl/cert.crt"
DOMAIN_CHAIN_LOCATION="/home/devin_yang/dlaravel/etc/ssl/fullchain.pem"
DOMAIN_PEM_LOCATION="/home/devin_yang/dlaravel/etc/ssl/privkey.pem"
#D-Laravel's nginx overload instruction
RELOAD_CMD="bash -c 'cd /home/devin_yang/dlaravel; ./console reload'"

#Set host type
​​​​​​​​SERVER_TYPE="https"
Regarding RELOAD_CMD , if you are not using D-Laravel (docker-compose environment),
For example: nginx, the reload method in nginx should be nginx -s reload , or in the old version of CentOS or RedHat Apache, you should be able to use service httpd graceful .
I will not explain the relevant settings and instructions of the host part. In this article, I assume that the reader has already set the certificate of let's encrypt on the host, and only needs to complete the automatic update function.

5. Manually update the credentials and restart the nginx host
cd ~/scripts
 ./getssl ccc.tc

6. Use crontab to put in the scheduled check every time and update it automatically 
15 5 * * * /home/devin_yang/scripts/getssl -u -a -q

Supplement: If it is necessary to force the renewal of the certificate, we can use the -f parameter, for example, my SAN has added a new domain name 
getssl -f ccc.tc

For the certificate setting method on nginx , you can refer to my article:
How to configure HTTPS on nginx to get an SSL A+ score from Qualys
 

Tags: dlaravel

Devin Yang

Feel free to ask me, if you don't get it.:)

Follow

No Comment

Post your comment

Login is required to leave comments

Similar Stories


城堡
php,docker,dlaravel

A brief introduction to the phpenv container environment I built

I don't have time to shoot an introduction video, so I'll just grab some pictures and introduce the container environment deviny/phpenv I use. https://github.com/DevinY/phpenvphpenv can be regarded as an evolutionary version of my previous D-Laravel open source project, conceptually extending the use of many Dlaravel operation methods. The update of the container tends to be controlled by the user to build his own image, so I am not very good at changing the version number. In fact, the php version number of D-Laravel seems to have not been changed for a long time:p

城堡
dlaravel

D-Laravel specific service restart

Normally, we use ./console restart to rebuild and execute contaiener. Sometimes, we have multiple services and don't want to restart all services at once, At this time, you can use ./console restart [servce name] to restart a specific service..

城堡
dlaravel

How to directly execute the php artisan of different projects in the container on the host.

This article is the application teaching of D-Laravel, how to directly execute php artisan in the container on the host side. After customizing the alias, you can directly execute php artisan in the contianer in the project folder on the host side. alias a="../../artisan.sh"