Fix jwt-token

ssl/README.md

@@ -0,0 +1,139 @@
+# SSL Certificate Auto-Renewal with Cron
+
+This directory contains scripts for managing SSL certificates with Let's Encrypt outside of Docker containers.
+
+## Setup
+
+1. **Install dependencies:**
+   ```bash
+   sudo apt update
+   sudo apt install certbot nginx openssl
+   
+   # Optional: For DNS challenges with Loopia
+   sudo pip install dns-lexicon[full]
+   ```
+
+2. **Configure environment:**
+   ```bash
+   cp .env.example .env
+   nano .env  # Edit with your domain and credentials
+   ```
+
+3. **Make scripts executable:**
+   ```bash
+   chmod +x certbot-manager.sh loopia-hook.sh
+   ```
+
+## Usage
+
+### Manual Certificate Management
+
+```bash
+# Check certificate status
+./certbot-manager.sh status
+
+# Check if renewal is needed
+./certbot-manager.sh check
+
+# Force certificate renewal
+./certbot-manager.sh renew
+
+# Auto-renew only if needed (for cron)
+./certbot-manager.sh auto
+```
+
+### Automatic Renewal with Cron
+
+1. **Setup cron job** (recommended - runs daily at 2 AM):
+   ```bash
+   sudo crontab -e
+   ```
+   
+   Add this line:
+   ```
+   0 2 * * * cd /path/to/your/project/ssl && source .env && ./certbot-manager.sh auto >> /var/log/letsencrypt/cron.log 2>&1
+   ```
+
+2. **Alternative: Setup systemd timer** (more modern approach):
+   ```bash
+   sudo cp ssl-renewal.service /etc/systemd/system/
+   sudo cp ssl-renewal.timer /etc/systemd/system/
+   sudo systemctl enable ssl-renewal.timer
+   sudo systemctl start ssl-renewal.timer
+   ```
+
+## Certificate Types
+
+### HTTP Challenge (Single Domain)
+- Works for: `dev.uggla.uamils.com`
+- Requirements: Port 80 accessible, nginx configured for ACME challenges
+- No additional credentials needed
+
+### DNS Challenge (Wildcard Support)
+- Works for: `dev.uggla.uamils.com` and `*.dev.uggla.uamils.com`
+- Requirements: Loopia DNS API credentials
+- Set `LOOPIA_USER` and `LOOPIA_PASSWORD` in `.env`
+
+## Nginx Configuration
+
+Ensure your nginx configuration includes ACME challenge support:
+
+```nginx
+server {
+    listen 80;
+    server_name dev.uggla.uamils.com *.dev.uggla.uamils.com;
+    
+    # ACME challenge location
+    location /.well-known/acme-challenge/ {
+        root /var/www/html;
+        try_files $uri =404;
+    }
+    
+    # Redirect other traffic to HTTPS
+    location / {
+        return 301 https://$server_name$request_uri;
+    }
+}
+```
+
+## Monitoring
+
+### Check Certificate Status
+```bash
+./certbot-manager.sh status
+```
+
+### View Renewal Logs
+```bash
+tail -f /var/log/letsencrypt/renewal.log
+```
+
+### Check Cron Logs
+```bash
+tail -f /var/log/letsencrypt/cron.log
+```
+
+## Troubleshooting
+
+### DNS Challenge Issues
+- Verify Loopia credentials are correct
+- Check DNS propagation: `dig _acme-challenge.dev.uamils.com TXT`
+- Ensure API access is enabled in Loopia control panel
+
+### HTTP Challenge Issues
+- Verify port 80 is accessible from internet
+- Check nginx configuration: `nginx -t`
+- Ensure webroot path exists and is writable
+
+### Permission Issues
+- Ensure scripts are executable: `chmod +x *.sh`
+- Run with sudo if accessing system directories
+- Check log file permissions
+
+## Files
+
+- `certbot-manager.sh` - Main certificate management script
+- `loopia-hook.sh` - DNS challenge hook for Loopia
+- `.env.example` - Configuration template
+- `ssl-renewal.service` - Systemd service file
+- `ssl-renewal.timer` - Systemd timer file