certbot - EFF tool for using Let's Encrypt certificates ChangeLog

HOWTO


# certbot
# =======
# Prerequisites:
# Augeas
# Python 3.x
# 'su' or sudo

# If you have certbot-auto installed, you'll need to remove that before you proceed

# Resources:
# Let's Encrypt
# Uninstalling certbot-auto
# Electronic Frontier Foundation (EFF)


# Become root to install everything
# (unless you will have a dedicated user to run it)
su -

# Create a Python virtual environment for Certbot
python3 -m venv /opt/certbot/

# Upgrade Python's 'pip' in the virtual environment
/opt/certbot/bin/pip install --upgrade pip

# Install Certbot using 'pip'
/opt/certbot/bin/pip install certbot

# Create a symlink to a path in your PATH
ln -s /opt/certbot/bin/certbot /usr/bin/certbot


### get and install certs



### Set up automatic upgrade of certbot

## Create a certbot-auto.sh script in /home/you/bin/ or /usr/local/bin/ or
## wherever you like and make it executable
## If it will go in root's crontab, they can go in there as-is
## If it will go in a non-root user crontab, each command must be run
##  with "su -c" or sudo
## If you use sudo, you will need something in /etc/sudoers or /etc/sudoers.d/certbot
##  like this:
# jimbob serverhostname = (root) NOPASSWD:SETENV: /usr/bin/certbot

# #!/bin/sh
# /opt/certbot/bin/python -c 'import random; import time; time.sleep(random.random() * 3600)'
# sudo /opt/certbot/bin/pip install --upgrade pip
# sudo /opt/certbot/bin/pip install --upgrade certbot certbot-apache



# Set up automatic certificate renewal in cron
#
# Either put them in root's crontab, or your own non-root user crontab
# ('crontab -e user' running each thing with 'su -c script.sh'),
# or allow your non-root user to run it via sudo, if you're set up
# for that.  Slackware favors 'su' so you may have an unconfigured sudo
# or even not have sudo installed.
#
# Root's crontab:

# Non-root user crontab, run certbot-upgrade.sh on the 16th of the month at
# 3:38am (certbot-upgrade.sh uses sudo):
38 3 16 * *     /home/jimbob/bin/certbot-upgrade.sh

### sudo for your non-root user
## Create /etc/sudoers.d/certbot-user_bin:
# jimbob serverhostname = (root) NOPASSWD:SETENV: /usr/bin/certbot
## Create /etc/sudoers.d/pip-certbot:
# jimbob serverhostname = (root) NOPASSWD:SETENV: /usr/bin/python3
# jimbob serverhostname = (root) NOPASSWD:SETENV: /opt/certbot/bin/pip



# Either have a script sleep for a random amount of time before running it,
# or set your cron job to run at an uncommon time like 3:47am
#
# You can create a really long one liner, or just create two scripts,
# certbot-upgrade.sh and certbot-renew.sh
# The following example would run it
# Create a cron job similar to the following, which would

List of HOWTOs

Web page itself last updated: 2023-12-20 8:06pm (EST -0500)
HOWTO last updated: 2022-06-12 3:43pm
Copyright © 2001-2024 Jason Englander. All Rights reserved.
[HTML5]