Commit d288208e authored by Benoît

Updated instructions

parent f870c1df
......@@ -3,28 +3,27 @@
Script that automatically setups a Let's Encrypt certificate for R1Soft, and handles renewal.
Here is what the script does :
- Installs git (if not already installed)
- Updates the following packages : nss nss-util nss-sysinit nss-tools wget curl ca-certificates openssl
- Clones Let's Encrypt git repository (if not already cloned)
- Stops iptables
- Launches Let's Encrypt certificate creation/renewal
- Starts iptables
- Exits now if the certificate if not yet due to renewal
- Downloads Certbot (if not already done)
- Creates a keystore for R1Soft cdp
- Creates a Let's Encrypt certificate through Certbot
- Imports the certificate into R1Soft keystore
Just wget the script, change execution rights and launch it (followed by email address as argument) :
Just wget the script, change execution rights and launch it :
```bash
wget -N https://gitlab.haisoft.net/pub/R1Soft_LetsEncryptIntegration/raw/master/SSLR1Soft.sh ; chmod +x SSLR1Soft.sh
```
```bash
./SSLR1Soft.sh your@e.mail
./SSLR1Soft.sh
```
You can add a cron every 10 days to renew your certificates :
You can add a cron every month to renew your certificate :
```bash
0 0 */10 * * /root/SSLR1Soft.sh your@e.mail
0 0 */10 * * /root/SSLR1Soft.sh
```
(Let's Encrypt will only renew the cert if close to expiry).
You just have to make sure your web ports are not filtered, and nothing is running on port 80 (or you'll have to stop it before launching the script).
On our servers, R1Soft runs only on port 6443, therefore leaving ports 80 and 443 available.
--
Tested and created on CentOS 7.
Tested and created on CentOS 7 and CentOS 6.
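Review bot: the cron example no longer matches the sentence introducing it. The text now reads "You can add a cron every month to renew your certificate", but the updated entry `0 0 */10 * * /root/SSLR1Soft.sh` keeps `*/10` in the day-of-month field, which fires on days 1, 11, 21 and 31 rather than once a month. Either keep the "every 10 days" wording or change the schedule to a monthly one such as `0 0 1 * * /root/SSLR1Soft.sh`. Since the email argument was dropped from both the invocation and the cron line, the README should also say where the Let's Encrypt registration address now comes from, or that none is used.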