mirror of
https://gitea.com/mcereda/oam.git
synced 2026-02-09 05:44:23 +00:00
chore(kb): add certbot article
This commit is contained in:
Michele Cereda
102
knowledge base/certbot.md
Normal file
102
knowledge base/certbot.md
Normal file
@@ -0,0 +1,102 @@
|
|||||||
|
# Certbot
|
||||||
|
|
||||||
|
Client that fetches a TLS certificate from [Let's Encrypt] and deploys it to a web server.
|
||||||
|
|
||||||
|
1. [TL;DR](#tldr)
|
||||||
|
1. [Further readings](#further-readings)
|
||||||
|
1. [Sources](#sources)
|
||||||
|
|
||||||
|
## TL;DR
|
||||||
|
|
||||||
|
Meant to be run on one's web server via the CLI.
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>Setup</summary>
|
||||||
|
|
||||||
|
```sh
|
||||||
|
pip install 'certbot'
|
||||||
|
pip install 'certbot-dns-cloudflare' # leverage cloudflare
|
||||||
|
pip install 'certbot-dns-route53' # leverage AWS Route53
|
||||||
|
|
||||||
|
# Integrate with Nginx.
|
||||||
|
dnf install 'certbot' 'nginx' 'python3-certbot-nginx'
|
||||||
|
```
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>Usage</summary>
|
||||||
|
|
||||||
|
```sh
|
||||||
|
# Request a certificate.
|
||||||
|
docker run -it --rm --name 'certbot' \
|
||||||
|
-v '/etc/letsencrypt:/etc/letsencrypt' -v '/var/lib/letsencrypt:/var/lib/letsencrypt' \
|
||||||
|
'certbot/certbot' certonly
|
||||||
|
|
||||||
|
# Request a certificate and validate it over DNS leveraging AWS Route53.
|
||||||
|
docker run -it --rm --name 'certbot' \
|
||||||
|
-v "$HOME/.aws:/root.aws:ro" \
|
||||||
|
-v '/etc/letsencrypt:/etc/letsencrypt' -v '/var/lib/letsencrypt:/var/lib/letsencrypt' \
|
||||||
|
'certbot/dns-route53' certonly
|
||||||
|
|
||||||
|
# Request a certificate.
|
||||||
|
# Certbot will temporarily spin up a web server listening on port 80 on the running machine.
|
||||||
|
certbot certonly --standalone
|
||||||
|
|
||||||
|
# Request a certificate *without* temporarily spin up a web server listening on port 80 on the running machine.
|
||||||
|
certbot certonly --webroot
|
||||||
|
|
||||||
|
# Request a certificate leveraging a running Nginx server.
|
||||||
|
certbot --nginx -d 'code.example.org' --non-interactive --agree-tos -m 'someone@example.org'
|
||||||
|
|
||||||
|
# Request a certificate leveraging AWS Route53.
|
||||||
|
certbot certonly --dns-route53 -d 'example.org' -d 'www.example.org'
|
||||||
|
|
||||||
|
# Request a certificate leveraging Cloudflare.
|
||||||
|
certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~'/.secrets/certbot/cloudflare.ini' \
|
||||||
|
--dns-cloudflare-propagation-seconds 60 -d 'example.org'
|
||||||
|
|
||||||
|
# Renew certificates.
|
||||||
|
certbot renew -q
|
||||||
|
```
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
||||||
|
<!-- Uncomment if used
|
||||||
|
<details>
|
||||||
|
<summary>Real world use cases</summary>
|
||||||
|
|
||||||
|
```sh
|
||||||
|
```
|
||||||
|
|
||||||
|
</details>
|
||||||
|
-->
|
||||||
|
|
||||||
|
## Further readings
|
||||||
|
|
||||||
|
- [Website]
|
||||||
|
- [Codebase]
|
||||||
|
- [Let's Encrypt]
|
||||||
|
- [Nginx]
|
||||||
|
|
||||||
|
### Sources
|
||||||
|
|
||||||
|
- [Documentation]
|
||||||
|
|
||||||
|
<!--
|
||||||
|
Reference
|
||||||
|
═╬═Time══
|
||||||
|
-->
|
||||||
|
|
||||||
|
<!-- In-article sections -->
|
||||||
|
<!-- Knowledge base -->
|
||||||
|
[let's encrypt]: letsencrypt.md
|
||||||
|
[nginx]: nginx.md
|
||||||
|
|
||||||
|
<!-- Files -->
|
||||||
|
<!-- Upstream -->
|
||||||
|
[codebase]: https://github.com/certbot/certbot
|
||||||
|
[documentation]: https://certbot.eff.org/docs
|
||||||
|
[website]: https://certbot.eff.org/
|
||||||
|
|
||||||
|
<!-- Others -->
|
||||||
Reference in New Issue
Block a user