[ALUG] StartCom Class 1 DV Server CA

Andreas Tauscher ta at geuka.net
Thu Mar 9 21:07:15 EAT 2017


With a little change in the order:
First renewing the certificate and then reloading the webserver.
Reducing the downtime to nearly not recognisable.
I renew my letsencrypt certificates every two months. Weekly is really not needed.
For certificates used with DANE or key pinning they are dumped in a separate directory and another cron job is rotating the DNS records and pinning headers before changing them really.
All a little bit bash and perl-fu.

On 9 March 2017 20:32:43 GMT+03:00, Tim Schofield via Linux <linux at mail.habari.co.tz> wrote:
>I have a simple bash script that stops the web server (nginx in my
>case), runs that command I posted in my previous post and then
>restarts the web server:
>
>#!/bin/bash
>/etc/init.d/nginx stop
>cd /path/to/letsencrypt
>./letsencrypt-auto renew
>/etc/init.d/nginx start
>
>
>I run this once a week from cron and it just updates all of my
>certificates automatically. The stopping and starting the web server
>is a pain but that is all, and it is only down for a second or two
>once a week so for my purposes that is fine.
>
>Tim
>
>On 9 March 2017 at 16:52,  <administrator at banana.co.tz> wrote:
>> Dear Tim,
>>
>> More details on the autorenew process please
>>
>> Thanks
>>
>> Sent from my Windows 10 phone
>>
>> From: Tim Schofield
>> Sent: Thursday, March 9, 2017 18:24
>> To: Linux Users in Arusha
>> Cc: Kevin Chege; Linux Users in Arusha; Hamisi Jabe
>> Subject: Re: [ALUG] StartCom Class 1 DV Server CA
>>
>> On 9 March 2017 at 15:09, Hamisi Jabe via Linux <linux at mail.habari.co.tz> wrote:
>>
>>> Anyway is there any autorenewal of the letsencrypt certificates?
>>
>> Yes there is. Just issue the command:
>>
>> letsencrypt-auto renew
>>
>> via a cron script.
>>
>> Tim
>
>-- 
>Course View Towers,
>Plot 21 Yusuf Lule Road,
>Kampala
>T   +256 (0) 312 314 418
>M +256 (0) 752 963 325
>www.weberpafrica.com
>Twitter: @TimSchofield2
>Blog: http://weberpafrica.blogspot.co.uk/

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
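
The order described in the reply above (renew first, then reload), as an added example that is not part of the original thread. It assumes the certificates were issued with an authenticator that does not need the web server's port (otherwise the renewal cannot run while nginx is up); the function names, the `run` argument and the overridable variables are hypothetical, and the paths are defaults to adjust.

```bash
#!/bin/bash
# Added example (not from the thread): renew first, then reload nginx only
# when a certificate actually changed and the configuration still validates.
# Commands and paths are assumptions; override them via the environment.
RENEW_CMD="${RENEW_CMD:-/path/to/letsencrypt/letsencrypt-auto renew}"
TEST_CMD="${TEST_CMD:-nginx -t}"
RELOAD_CMD="${RELOAD_CMD:-/etc/init.d/nginx reload}"
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"

# Hash every fullchain.pem; -L follows the live/ symlinks to the real files,
# so a renewed certificate shows up as a changed hash.
cert_state() {
    find -L "$LIVE_DIR" -type f -name fullchain.pem \
        -exec sha256sum {} + 2>/dev/null | sort
}

renew_and_reload() {
    before=$(cert_state)
    if ! $RENEW_CMD; then
        # The server was never stopped, so a failed renewal costs no uptime.
        echo "renewal failed, running server left untouched" >&2
        return 1
    fi
    after=$(cert_state)
    if [ "$before" = "$after" ]; then
        echo "unchanged"          # nothing renewed: skip the reload entirely
        return 0
    fi
    if ! $TEST_CMD; then
        # A broken config would take the site down on reload; keep serving
        # with the old certificate and let the operator investigate.
        echo "config test failed, not reloading" >&2
        return 2
    fi
    $RELOAD_CMD || return 3
    echo "reloaded"
}

# From cron: /path/to/this-script run
if [ "${1:-}" = "run" ]; then renew_and_reload; fi
```

A non-zero exit status from cron (1 renewal failed, 2 config test failed, 3 reload failed) is the signal to alert on before the old certificate expires.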

