diff options
| author | David Luevano Alvarado <david@luevano.xyz> | 2024-03-01 04:17:45 -0600 |
|---|---|---|
| committer | David Luevano Alvarado <david@luevano.xyz> | 2024-03-01 04:17:45 -0600 |
| commit | ca9c5626495c00f6d6cffd4ae517a66db15b0832 (patch) | |
| tree | 9527428a30067c99f8a035e455770ec885e997ed | |
| parent | ab5cc111d51a8975f5f82e5a0b497b5f752acc5d (diff) | |
add ignore for temp entries
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | src/blog/temp/certbot_wildcard.md | 90 |
2 files changed, 2 insertions, 90 deletions
@@ -1,2 +1,4 @@ +# temp entries +**/temp/* # python venv .venv/ diff --git a/src/blog/temp/certbot_wildcard.md b/src/blog/temp/certbot_wildcard.md deleted file mode 100644 index 70c7782..0000000 --- a/src/blog/temp/certbot_wildcard.md +++ /dev/null @@ -1,90 +0,0 @@ -# Change DNS server to Vultr for Certbot automation and * certificate - -https://www.vultr.com/docs/introduction-to-vultr-dns/ -https://certbot.eff.org/instructions?ws=nginx&os=arch&tab=wildcard -https://github.com/bsorahan/certbot-dns-vultr -https://github.com/alexzorin/certbot-dns-multi - -https://wiki.archlinux.org/title/certbot#Managing_Nginx_server_blocks - -https://serverfault.com/questions/896711/how-to-totally-remove-a-certbot-created-ssl-certificate - - -certbote delete -pacman -Rns certbot-nginx # probably still needed, should install just in case -yay -S certbot-dns-vultr - -enable api https://www.vultr.com/api/ -https://my.vultr.com/settings/#settingsapi - -it autodetects tehe subnet for the access control (in my case an ipv6) - -create file with contents: - -```ini -dns_vultr_token = aabbccddeeff112233445566778899 -``` -and permissions: `600` -update create certificate script (by adding): - -```sh -CREDENTIALS_FILE=/path/to/credential/file -DOMAINS=example.com,mail.example.com,*.example.com -EMAIL=hey@example.xom - -certbot certonly --domains $DOMAINS --email $EMAIL \ ---authenticator dns-vultr ---dns-vultr-credentials $CREDENTIALS_FILE ---preferred-challenges dns-01 -``` - -the certificate will be installed at: - -``` -/etc/letsencrypt/live/example.com/fullchain.pem -/etc/letsencrypt/live/example.com/privkey.pem -``` - - -the renewal configuration is stored at: `/etc/letsencrypt/renewal/example.com.conf` useful when needing to change the api key - -test renew: - -```sh -certbot renew --dry-run -``` - -update the `certbot-renew.service` by adding the `nginx.service` restart hoook: `` -by doing `systemctl edit certbot-renew.service` and adding: - -```ini -[Service] -ExecStart=/usr/bin/certbot -q renew --post-hook "systemctl reload nginx.service" -``` - -create redirect all to https config: https://phoenixnap.com/kb/redirect-http-to-https-nginx - -```nginx -server { - listen 80 default_server; - server_name _; - return 301 https://$host$request_uri; -} -``` - -add the redirect config to `nginx.conf` - - -create the config file for 443 ssl (to include in each config file): - -```nginx -listen 443 ssl; -listen [::]:443 ssl; -http2 on; -ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot -ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot -include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot -ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot -``` - -add this config to all config files that require it |