borg/drone-detector

Fork 0

Files

History

Alexander Borg c7f4f23f00 Fix jwt-token

2025-09-12 23:06:34 +02:00

.env.example

Fix jwt-token

2025-09-12 21:04:32 +02:00

certbot-manager.sh

Fix jwt-token

2025-09-12 21:39:21 +02:00

complete-setup.sh

Fix jwt-token

2025-09-12 21:39:21 +02:00

loopia-hook.sh

Fix jwt-token

2025-09-12 21:01:30 +02:00

nginx-ssl-setup.sh

Fix jwt-token

2025-09-12 23:06:34 +02:00

README.md

Fix jwt-token

2025-09-12 21:01:30 +02:00

setup.sh

Fix jwt-token

2025-09-12 21:01:30 +02:00

ssl-renewal.service

Fix jwt-token

2025-09-12 21:01:30 +02:00

ssl-renewal.timer

Fix jwt-token

2025-09-12 21:01:30 +02:00

README.md

SSL Certificate Auto-Renewal with Cron

This directory contains scripts for managing SSL certificates with Let's Encrypt outside of Docker containers.

Setup

Install dependencies:

sudo apt update
sudo apt install certbot nginx openssl

# Optional: For DNS challenges with Loopia
sudo pip install dns-lexicon[full]

Configure environment:

cp .env.example .env
nano .env  # Edit with your domain and credentials

Make scripts executable:

chmod +x certbot-manager.sh loopia-hook.sh

Usage

Manual Certificate Management

# Check certificate status
./certbot-manager.sh status

# Check if renewal is needed
./certbot-manager.sh check

# Force certificate renewal
./certbot-manager.sh renew

# Auto-renew only if needed (for cron)
./certbot-manager.sh auto

Automatic Renewal with Cron

Setup cron job (recommended - runs daily at 2 AM):

sudo crontab -e

Add this line:

0 2 * * * cd /path/to/your/project/ssl && source .env && ./certbot-manager.sh auto >> /var/log/letsencrypt/cron.log 2>&1

Alternative: Setup systemd timer (more modern approach):

sudo cp ssl-renewal.service /etc/systemd/system/
sudo cp ssl-renewal.timer /etc/systemd/system/
sudo systemctl enable ssl-renewal.timer
sudo systemctl start ssl-renewal.timer

Certificate Types

HTTP Challenge (Single Domain)

Works for: dev.uggla.uamils.com
Requirements: Port 80 accessible, nginx configured for ACME challenges
No additional credentials needed

DNS Challenge (Wildcard Support)

Works for: dev.uggla.uamils.com and *.dev.uggla.uamils.com
Requirements: Loopia DNS API credentials
Set LOOPIA_USER and LOOPIA_PASSWORD in .env

Nginx Configuration

Ensure your nginx configuration includes ACME challenge support:

server {
    listen 80;
    server_name dev.uggla.uamils.com *.dev.uggla.uamils.com;
    
    # ACME challenge location
    location /.well-known/acme-challenge/ {
        root /var/www/html;
        try_files $uri =404;
    }
    
    # Redirect other traffic to HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }
}

Monitoring

Check Certificate Status

./certbot-manager.sh status

View Renewal Logs

tail -f /var/log/letsencrypt/renewal.log

Check Cron Logs

tail -f /var/log/letsencrypt/cron.log

Troubleshooting

DNS Challenge Issues

Verify Loopia credentials are correct
Check DNS propagation: dig _acme-challenge.dev.uamils.com TXT
Ensure API access is enabled in Loopia control panel

HTTP Challenge Issues

Verify port 80 is accessible from internet
Check nginx configuration: nginx -t
Ensure webroot path exists and is writable

Permission Issues

Ensure scripts are executable: chmod +x *.sh
Run with sudo if accessing system directories
Check log file permissions

Files

certbot-manager.sh - Main certificate management script
loopia-hook.sh - DNS challenge hook for Loopia
.env.example - Configuration template
ssl-renewal.service - Systemd service file
ssl-renewal.timer - Systemd timer file