Difference between revisions of "Certbot"
(add keytool example) |
(Add meza instructions) |
||
Line 16: | Line 16: | ||
Ansible has a [https://docs.ansible.com/ansible/latest/letsencrypt_module.html letsencrypt module] however, using it is a two-step process. We opted instead to create a more robust Ansible playbook to install and automate certificates. | Ansible has a [https://docs.ansible.com/ansible/latest/letsencrypt_module.html letsencrypt module] however, using it is a two-step process. We opted instead to create a more robust Ansible playbook to install and automate certificates. | ||
+ | === Current Setup for Meza === | ||
+ | <source lang="bash"> | ||
+ | cd ~/src/ansible-certbot | ||
+ | # edit host file as needed, setup DNS as needed | ||
+ | # check if the user you expect to use can SSH to the host | ||
+ | ssh centos@demo.qualitybox.us | ||
+ | # activate ansible | ||
+ | source ~/bin/ansible/hacking/env-setup | ||
+ | ansible --version | ||
+ | # edit letsencrypt.yml as needed to identify the host for the play | ||
+ | ansible-playbook -i hosts letsencrypt.yml | ||
+ | # if installing by package (default), then certbot is installed "normally". If by source, it's in /opt/certbot | ||
+ | ## on the target host | ||
+ | # see if there are any certificates | ||
+ | certbot certificates | ||
+ | # fix HAProxy to make sure Apache is accessible, but don't install into Apache, just use webroot | ||
+ | certbot --webroot -w /opt/htdocs/ -d demo.qualitybox.us | ||
+ | # then run meza deploy to concatenate the cert files into a .pem file installed into HAproxy | ||
+ | </source> | ||
== With HAProxy == | == With HAProxy == | ||
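Review bot: The "certbot --webroot -w /opt/htdocs/ -d demo.qualitybox.us" line in the "on the target host" part has no subcommand, so certbot falls back to its default "run", which expects an installer plugin as well as an authenticator. Since the comment above it says not to install into Apache, it should read "certbot certonly --webroot -w /opt/htdocs/ -d demo.qualitybox.us". The last step is only a comment: give the actual meza deploy command there. HAProxy expects the private key inside the concatenated .pem, so the section should also say what ownership and mode that file gets, and that it has to be rebuilt after each renewal or HAProxy keeps serving the old certificate.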