Commit d288208e authored by Benoît

Updated instructions

parent f870c1df
...@@ -3,28 +3,27 @@ ...@@ -3,28 +3,27 @@
Script that automatically setups a Let's Encrypt certificate for R1Soft, and handles renewal. Script that automatically setups a Let's Encrypt certificate for R1Soft, and handles renewal.
Here is what the script does : Here is what the script does :
- Installs git (if not already installed)
- Updates the following packages : nss nss-util nss-sysinit nss-tools wget curl ca-certificates openssl - Updates the following packages : nss nss-util nss-sysinit nss-tools wget curl ca-certificates openssl
- Clones Let's Encrypt git repository (if not already cloned) - Downloads Certbot (if not already done)
- Stops iptables - Creates a keystore for R1Soft cdp
- Launches Let's Encrypt certificate creation/renewal - Creates a Let's Encrypt certificate through Certbot
- Starts iptables
- Exits now if the certificate if not yet due to renewal
- Imports the certificate into R1Soft keystore - Imports the certificate into R1Soft keystore
Just wget the script, change execution rights and launch it (followed by email address as argument) : Just wget the script, change execution rights and launch it :
```bash ```bash
wget -N https://gitlab.haisoft.net/pub/R1Soft_LetsEncryptIntegration/raw/master/SSLR1Soft.sh ; chmod +x SSLR1Soft.sh wget -N https://gitlab.haisoft.net/pub/R1Soft_LetsEncryptIntegration/raw/master/SSLR1Soft.sh ; chmod +x SSLR1Soft.sh
``` ```
```bash ```bash
./SSLR1Soft.sh your@e.mail ./SSLR1Soft.sh
``` ```
You can add a cron every 10 days to renew your certificates : You can add a cron every month to renew your certificate :
```bash ```bash
0 0 */10 * * /root/SSLR1Soft.sh your@e.mail 0 0 */10 * * /root/SSLR1Soft.sh
``` ```
(Let's Encrypt will only renew the cert if close to expiry).
You just have to make sure your web ports are not filtered, and nothing is running on port 80 (or you'll have to stop it before launching the script).
On our servers, R1Soft runs only on port 6443, therefore leaving ports 80 and 443 available.
-- --
Tested and created on CentOS 7. Tested and created on CentOS 7 and CentOS 6.
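Review bot: The renewal interval in the new text contradicts the crontab entry beneath it: the sentence now says "You can add a cron every month to renew your certificate", but the entry is still `0 0 */10 * * /root/SSLR1Soft.sh`, which runs roughly every 10 days (days 1, 11, 21 and 31). Either change the schedule to a monthly one such as `0 0 1 * *` or keep the "every 10 days" wording. The new side also drops both the note that Let's Encrypt only renews close to expiry and the requirement that port 80 be free and unfiltered; if the Certbot-based flow still validates over port 80, that prerequisite should stay in the instructions, along with a statement of what an early rerun does. Separately, the install line fetches the script from `raw/master` and it is then run as root, so pointing the URL at a tagged release or publishing a checksum to verify before `chmod +x` would be worth adding here.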