Commit 4412cc27 authored by Mikaël Salson

doc/server.md: certbot renewal documentation

See vdj#523
parent f6ff4bed
Pipeline #240537 passed with stages
in 4 minutes and 4 seconds
......@@ -185,10 +185,13 @@ You can achieve this with the following steps:
cp /etc/letsencrypt/live/vdd.vidjil.org/fullchain.pem vidjil-client/ssl/web2py.crt
cp /etc/letsencrypt/live/vdd.vidjil.org/privkey.pem vidjil-client/ssl/web2py.key
```
The certificates can be renewed with `certbot renew` but beware to copy the certificates after that.
Instead of copying the certificates, you may wish to mount `/etc/letsencrypt` in the Docker image as a volume (*eg.* `/etc/letsencrypt:/etc/nginx/ssl`).
The certificates can be renewed with `certbot renew` to do so, you may wish to mount `/etc/letsencrypt` in the Docker image as a volume (*eg.* `/etc/letsencrypt:/etc/nginx/ssl`).
However beware, because you would not be able to start Nginx till the certificates are in place.
On certificate renewal (with `certbot`), you then need to restart the Nginx server.
On certificate renewal (with `certbot`), you then need to restart the Nginx server. The following `cron` line can be used for certificate renewal (you may want to update the paths):
```
0 0 1 * * root (test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(14400))' && certbot --webroot -w /opt/vidjil/certs renew && (cd /path/to/vidjil/docker/vidjil/docker; sudo -u vidjil docker-compose stop nginx && sudo -u vidjil docker-compose rm -f nginx && sudo -u vidjil docker-compose up -d nginx)) >> /var/log/certbot.log 2>&1
```
If necessary, in `docker-compose.yml`, update `nginx.volumes`, line `./vidjil-client/ssl:/etc/nginx/ssl`, to set the directory with the certificates.
The same can be done for the `postfix` container.
......
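Review bot: In the added cron line, the guard `test -x /usr/bin/certbot -a \! -d /run/systemd/system` makes the whole chain a no-op on any host where `/run/systemd/system` exists, so on such a host neither `certbot --webroot -w /opt/vidjil/certs renew` nor the Nginx stop/rm/up sequence is run by this job. Either drop the `\! -d /run/systemd/system` test or say in the text that the line only applies to hosts without systemd, and how the Nginx restart is triggered otherwise. Two smaller points: the `docker-compose stop nginx && ... rm -f nginx && ... up -d nginx` sequence is chained directly on `certbot ... renew` succeeding, so the doc should state that Nginx is restarted on each run that gets that far, and that a failure in `up -d nginx` leaves the container stopped with only a line in `/var/log/certbot.log`; and the reworded sentence "The certificates can be renewed with `certbot renew` to do so, you may wish to mount" needs a full stop after `certbot renew`.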