[ALUG] StartCom Class 1 DV Server CA

Kevin Chege chege at isoc.org
Thu Mar 9 21:28:13 EAT 2017


Yes
@Hamisi, Tim and Andreas have detailed the automatic renewal for
LetsEncrypt. Just run it at a time when there is minimal to no traffic to
your website so like from midnight or 1am.

You can also add Nagios to check your various certificates and warn you in
the event one is about to expire just as a precaution.


Kevin 

On 09/03/2017, 9:07 PM, "Linux on behalf of Andreas Tauscher via Linux"
<linux-bounces at mail.habari.co.tz on behalf of linux at mail.habari.co.tz>
wrote:

>With a little change in the order:
>First renewing the certificate and then reloading webserver.
>Reducing the downtime to nearly not recognisable.
>I renew my letsencrypt certificates every two months. Weekly is really
>not needed.
>For certificates used with DANE or key pinning they are dumped in a
>separate directory and another cron job is rotating the DNS records and
>pinning headers before changing them really.
>All a little bit bash and perl-fu
>
>On 9 March 2017 20:32:43 GMT+03:00, Tim Schofield via Linux
><linux at mail.habari.co.tz> wrote:
>>I have a simple bash script that stops the web server (nginx in my
>>case), runs that command I posted in my previous post and then
>>restarts the web server:
>>
>>#!/bin/bash
>>/etc/init.d/nginx stop
>>cd /path/to/letsencrypt
>>./letsencrypt-auto renew
>>/etc/init.d/nginx start
>>
>>
>>I run this once a week from cron and it just updates all of my
>>certificates automatically. The stopping and starting the web server
>>is a pain but that is all, and it is only down for a second or two
>>once a week so for my purposes that is fine.
>>
>>Tim
>>
>>On 9 March 2017 at 16:52,  <administrator at banana.co.tz> wrote:
>>> Dear Tim,
>>>
>>> More details on the autorenew process please
>>>
>>> Thanks
>>>
>>> From: Tim Schofield
>>> Sent: Thursday, March 9, 2017 18:24
>>> To: Linux Users in Arusha
>>> Cc: Kevin Chege; Linux Users in Arusha; Hamisi Jabe
>>> Subject: Re: [ALUG] StartCom Class 1 DV Server CA
>>>
>>> On 9 March 2017 at 15:09, Hamisi Jabe via Linux
>>> <linux at mail.habari.co.tz> wrote:
>>>
>>>> Anyway is there any autorenewal of the letsencrypt certificates?
>>>
>>> Yes there is. Just issue the command:
>>>
>>> letsencrypt-auto renew
>>>
>>> via a cron script.
>>>
>>> Tim
>>
>>-- 
>>Course View Towers,
>>Plot 21 Yusuf Lule Road,
>>Kampala
>>T   +256 (0) 312 314 418
>>M +256 (0) 752 963 325
>>www.weberpafrica.com
>>Twitter: @TimSchofield2
>>Blog: http://weberpafrica.blogspot.co.uk/
>>_______________________________________________
>>The Arusha Linux User Group: http://unix.or.tz
>>Linux mailing list
>>Linux at mail.habari.co.tz
>>https://mail.habari.co.tz/cgi-bin/mailman/listinfo/linux
>>
>>The Arusha LUG mailing list is generously hosted by Habari Node Ltd:
>>http://www.habari.co.tz/
>>
>>The above comments and data are owned by whoever posted them (including
>>attachments if any). The mailing list host is not responsible for them
>>in any way.
>
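The monitoring check suggested at the top of this message (warn when a certificate is close to expiry), as an added example that is not from the thread or from Nagios itself: a small plugin-style script using the standard Nagios exit codes. The thresholds, the certificate path in the usage comment, and the use of GNU `date -d` are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: Nagios-style certificate expiry check.
# Assumed usage: check_cert_expiry.sh /etc/letsencrypt/live/example.org/cert.pem
# (example.org is a placeholder; GNU date is assumed for "date -d").

WARN_DAYS=${WARN_DAYS:-21}   # assumed threshold: a scheduled renewal was missed
CRIT_DAYS=${CRIT_DAYS:-7}    # assumed threshold: one week of validity left

# Map days-until-expiry to a Nagios plugin exit code: 0 OK, 1 WARNING, 2 CRITICAL.
classify_days_left() {
    if [ "$1" -le "$CRIT_DAYS" ]; then return 2; fi
    if [ "$1" -le "$WARN_DAYS" ]; then return 1; fi
    return 0
}

# Print whole days until the PEM certificate in file $1 expires (zero or
# negative once expired). Returns non-zero if openssl or date cannot parse it.
cert_days_left() {
    end=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null) || return 1
    end=${end#notAfter=}
    end_epoch=$(date -d "$end" +%s 2>/dev/null) || return 1
    echo $(( (end_epoch - $(date +%s)) / 86400 ))
}

# Print a one-line status and return the matching exit code (3 = UNKNOWN).
check_cert() {
    if ! days=$(cert_days_left "$1"); then
        echo "UNKNOWN: cannot read certificate $1"
        return 3
    fi
    rc=0
    classify_days_left "$days" || rc=$?
    case $rc in
        0) echo "OK: $1 expires in $days days" ;;
        1) echo "WARNING: $1 expires in $days days" ;;
        2) echo "CRITICAL: $1 expires in $days days" ;;
    esac
    return $rc
}

# Act as a plugin when given a certificate path on the command line.
if [ $# -gt 0 ]; then
    check_cert "$1"
    exit $?
fi
```

An unreadable or missing certificate file reports UNKNOWN rather than OK, so a renewal job that wrote nothing is not mistaken for a healthy certificate.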


