-
Notifications
You must be signed in to change notification settings - Fork 0
Free SSL Certs
Matvey Gladkikh edited this page Oct 6, 2021
·
15 revisions
curl -L 'https://git.io/JaXBn' > /usr/local/bin/certbot-to-acme.sh; chmod +x /usr/local/bin/certbot-to-acme.sh; certbot-to-acme.sh
curl https://get.acme.sh | sh
/root/.acme.sh/acme.sh --set-default-ca --server zerossl
/root/.acme.sh/acme.sh --register-account -m [email protected]
/root/.acme.sh/acme.sh -w /var/www/html --issue -d domain.com -d www.domain.com
export HETZNER_Token="HETZNERTOKEN"; /root/.acme.sh/acme.sh --issue --dns dns_hetzner -d domain.com
#acme.sh crontab /etc/acme nginx reload via (--renew-hook)
0 1 * * * /root/.acme.sh/acme.sh --renew-all --renew-hook "/etc/init.d/nginx reload" &> /dev/null
#show old certificates:
for domain in `certbot-auto certificates 2>/dev/null |grep "Domains:" |awk -F'Domains:' '{print$2}'`; do echo -n " -d $domain"; done;
#добавить в конфиг нгинкса:
location /.well-known {
root /var/www/html;
}
#или в апаче:
Alias "/.well-known" "/var/www/html/.well-known"
#пример валидного конфига:
server {
listen *:80;
server_name static.domain.com;
location /.well-known {
root /var/www/html;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name domain.com;
listen *:443 ssl;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
location / {
root /var/www/domain.com;
}
}