Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
infra:certificates [2016/04/16 11:13] 127.0.0.1 external edit |
infra:certificates [2017/02/09 19:25] sebian |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Installation ====== | ====== Installation ====== | ||
- | Let's encrypt certificates are managed on ''bargkass.ldn-fai.net'', installation and management was done using this howto: https://blog.sebian.fr/letsencrypt/ | + | Let's encrypt certificates are managed on ''leela.ldn-fai.net'', installation and management was done using this howto: https://blog.sebian.fr/letsencrypt/ |
====== Monitoring ====== | ====== Monitoring ====== | ||
- | https://conrad.ldn-fai.net/ | + | See [[https://conrad.ldn-fai.net/|LDN monitoring server]] |
Certificates are under supervision (for expiration), warning if the expiration date is less than 30 days, and critical for 10 days. | Certificates are under supervision (for expiration), warning if the expiration date is less than 30 days, and critical for 10 days. | ||
====== Renewal ====== | ====== Renewal ====== | ||
- | On ''bargkass.ldn-fai.net'' we have a little script in the ~root (''/root/letsencrypt-brique.sh'') for certificates renewal (using acme_tiny). | ||
- | <code bash> | + | Managed by [[https://github.com/Spredzy/lecm|lecm]] on ''leela.ldn-fai.net'' |
- | #!/bin/bash | + | |
- | + | ||
- | certs='hypercube.labriqueinter.net labriqueinter.net listes.labriqueinter.net repo.labriqueinter.net wiki.labriqueinter.net' | + | |
- | + | ||
- | pushd /etc/letsencrypt | + | |
- | for i in $certs | + | |
- | do | + | |
- | echo "##### $i #####" | + | |
- | acme_tiny.py --account-key ./private/labriqueinternet.key --csr ./csr/${i}.csr --acme-dir /etc/letsencrypt/challenges/${i}/ > ./certs/${i}.crt | + | |
- | cat ./certs/${i}.crt ./pem/intermediate.pem > ./pem/${i}.pem | + | |
- | done | + | |
- | popd | + | |
- | systemctl restart nginx | + | |
- | </code> | + | |
- | + | ||
- | Example output: | + | |
- | + | ||
- | <code> | + | |
- | ##### hypercube.labriqueinter.net ##### | + | |
- | Parsing account key... | + | |
- | Parsing CSR... | + | |
- | Registering account... | + | |
- | Already registered! | + | |
- | Verifying hypercube.labriqueinter.net... | + | |
- | hypercube.labriqueinter.net verified! | + | |
- | Verifying hypercube.internetcu.be... | + | |
- | hypercube.internetcu.be verified! | + | |
- | Signing certificate... | + | |
- | Certificate signed! | + | |
- | </code> | + |