certbot guide

_posts/2023-10-04-nginx-certbot-renewal.md

@@ -0,0 +1,43 @@
+---
+title: Automatic Renewal Of Certbot Certificates With NGINX
+notice: Incomplete (only overview), tested on AlmaLinux 9.2
+lang: en-us
+---
+
+# Prequisites
+
+- You need to have `certbot` and `python3-certbot-nginx` installed (or the equivalent in your distro)
+- Create your configurations in `/etc/nginx/conf.d/`
+- Run Certbot NGINX for the first time: `sudo certbot --nginx` (use parameter `-d` to specify only specific domains)
+
+# Setup (packaged)
+
+Look, if you have a service called `certbot-renew.service`. This can be done by using the command `systemctl status certbot-renew.service`. There also should be a timer called `certbot-renew.timer`.
+
+If both are present, **only enable certbot-renew.timer**.
+
+When running `systemctl status certbot-renew.timer` your timer should be active, and you should be able to see when the timer executes the next time.
+
+<details>
+<summary>Example</summary>
+<code>
+● certbot-renew.timer - This is the timer to set the schedule for automated renewals
+     Loaded: loaded (/usr/lib/systemd/system/certbot-renew.timer; enabled; preset: enabled)
+     Active: active (waiting) since Mon 2023-10-02 18:36:41 UTC; 2 days ago
+      Until: Mon 2023-10-02 18:36:41 UTC; 2 days ago
+    Trigger: Thu 2023-10-05 09:00:44 UTC; 11h left
+   Triggers: ● certbot-renew.service
+
+Oct 02 18:36:41 example-host systemd[1]: Started This is the timer to set the schedule for automated renewals.
+</code>
+</details>
+
+# Setup (standalone)
+
+The standalone setup is for packages that don't include a service. You can just put the command `/usr/bin/certbot renew --quiet` wherever it is needed (e.g. Systemd, Cron) or run it manually.
+
+---
+
+Also see:
+
+[Official guide from EFF](https://certbot.eff.org/instructions)

_site/2023/10/04/nginx-certbot-renewal.html

@@ -0,0 +1,89 @@
+<!DOCTYPE html>
+
+<html>
+<head>
+  <title>Automatic Renewal Of Certbot Certificates With NGINX</title>
+    <meta charset="UTF-8">
+    <link rel="stylesheet" href="/assets/main.css">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta name="author" content="Fl1tzi<root@fl1tzi.com>">
+</head>
+
+<body>
+    
+      <div class="notice">
+        Incomplete (only overview), tested on AlmaLinux 9.2
+      </div>
+    
+
+    <header>
+      <h1>Automatic Renewal Of Certbot Certificates With NGINX</h1>
+      
+        <span>4 October 2023</span>
+      
+    </header>
+
+    <section id="content">
+      <h1 id="prequisites">Prequisites</h1>
+
+<ul>
+  <li>You need to have <code class="language-plaintext highlighter-rouge">certbot</code> and <code class="language-plaintext highlighter-rouge">python3-certbot-nginx</code> installed (or the equivalent in your distro)</li>
+  <li>Create your configurations in <code class="language-plaintext highlighter-rouge">/etc/nginx/conf.d/</code></li>
+  <li>Run Certbot NGINX for the first time: <code class="language-plaintext highlighter-rouge">sudo certbot --nginx</code> (use parameter <code class="language-plaintext highlighter-rouge">-d</code> to specify only specific domains)</li>
+</ul>
+
+<h1 id="setup-packaged">Setup (packaged)</h1>
+
+<p>Look, if you have a service called <code class="language-plaintext highlighter-rouge">certbot-renew.service</code>. This can be done by using the command <code class="language-plaintext highlighter-rouge">systemctl status certbot-renew.service</code>. There also should be a timer called <code class="language-plaintext highlighter-rouge">certbot-renew.timer</code>.</p>
+
+<p>If both are present, <strong>only enable certbot-renew.timer</strong>.</p>
+
+<p>When running <code class="language-plaintext highlighter-rouge">systemctl status certbot-renew.timer</code> your timer should be active, and you should be able to see when the timer executes the next time.</p>
+
+<details>
+<summary>Example</summary>
+<code>
+● certbot-renew.timer - This is the timer to set the schedule for automated renewals
+     Loaded: loaded (/usr/lib/systemd/system/certbot-renew.timer; enabled; preset: enabled)
+     Active: active (waiting) since Mon 2023-10-02 18:36:41 UTC; 2 days ago
+      Until: Mon 2023-10-02 18:36:41 UTC; 2 days ago
+    Trigger: Thu 2023-10-05 09:00:44 UTC; 11h left
+   Triggers: ● certbot-renew.service
+
+Oct 02 18:36:41 example-host systemd[1]: Started This is the timer to set the schedule for automated renewals.
+</code>
+</details>
+
+<h1 id="setup-standalone">Setup (standalone)</h1>
+
+<p>The standalone setup is for packages that don’t include a service. You can just put the command <code class="language-plaintext highlighter-rouge">/usr/bin/certbot renew --quiet</code> wherever it is needed (e.g. Systemd, Cron) or run it manually.</p>
+
+<hr />
+
+<p>Also see:</p>
+
+<p><a href="https://certbot.eff.org/instructions">Official guide from EFF</a></p>
+
+    </section>
+
+    <br/>
+    <hr/>
+
+    <footer>
+      <small>
+        
+        <a href="/">Home</a>
+        //
+        
+        <a href="https://git.fl1tzi.com/Fl1tzi/fl1tzi.com">Repo</a>
+        //
+        
+        <a href="https://git.fl1tzi.com/data/data/src/fl1tzi.com-privacy.md">Privacy</a>
+        //
+        
+        All Rights Reserved.
+      </small>
+    </footer>
+</body>
+
+</html>

_site/assets/main.css

@@ -75,6 +75,13 @@ th {
 
 code {
   background-color: var(--light-color);
+  display: inline-block;
+  white-space: pre;
+}
+
+summary {
+  text-decoration: underline;
+  cursor: pointer;
 }
 
 blockquote {

_site/index.html

@@ -31,6 +31,10 @@ I do stuff on the internet and photograph things.</p>
 
 <ul>
   
+    <li>
+      <a href="/2023/10/04/nginx-certbot-renewal.html">Automatic Renewal Of Certbot Certificates With NGINX</a>
+    </li>
+  
     <li>
       <a href="/2023/10/03/podman-userns.html">How To Run Podman Containers Inside One User More Securely</a>
     </li>

assets/main.css

@@ -75,6 +75,13 @@ th {
 
 code {
   background-color: var(--light-color);
+  display: inline-block;
+  white-space: pre;
+}
+
+summary {
+  text-decoration: underline;
+  cursor: pointer;
 }
 
 blockquote {