Certbot: Difference between revisions
imported>Onny Add info about renewal of certificates |
imported>Onny Add information about automated renewal |
||
Line 3: | Line 3: | ||
== Installation == | == Installation == | ||
Install ''certbot'' in your current environment | Install ''certbot'' in your current environment and enable ''systemd-timer'' for automated renewal of certificates | ||
< | {{file|/etc/nixos/configuration.nix|nix|<nowiki> | ||
services.certbot.enable = true; | |||
</ | </nowiki>}} | ||
== Usage == | == Usage == | ||
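Review bot: the new Installation sentence says the snippet will "enable ''systemd-timer''", but the snippet only sets <code>services.certbot.enable = true;</code>, so the text should say explicitly that enabling the module is what installs the renewal timer. Naming the timer unit would let readers confirm it is scheduled with <code>systemctl list-timers</code>. The wording "in your current environment" is carried over from the old text and no longer fits a system-wide setting in <code>/etc/nixos/configuration.nix</code>.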
Line 47: | Line 47: | ||
}; | }; | ||
services.certbot = { | |||
enable = true; | |||
package = pkgs.certbot.withPlugins (ps: with ps; [ certbot-dns-inwx ]); | |||
} | |||
</nowiki>}} | </nowiki>}} | ||
Shared secret must be set in the configuration but you only have to configure the value if you're using 2FA on INWX. | Shared secret must be set in the configuration but you only have to configure the value if you're using 2FA on INWX. | ||
Manually generate certificates for <code>example.org</code> using the ''inwx''-plugin | Manually generate certificates for <code>example.org</code> using the ''inwx''-plugin | ||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
# certbot certonly -a dns-inwx -d example.org --register-unsafely-without-email --agree-tos | # certbot certonly -a dns-inwx -d example.org --register-unsafely-without-email --agree-tos | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Now that a specific domain is configured to get automatically renewed using the plugin, the ''systemd-timer'' of the ''certbot'' module will automatically renew it. | |||
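Review bot: the added <code>services.certbot = { ... }</code> block closes with a bare <code>}</code>, while the block before it ends with <code>};</code>; an attribute assignment in <code>configuration.nix</code> needs the trailing semicolon, so the snippet does not evaluate as written. It also repeats <code>enable = true;</code> from the Installation snippet, so the text should say that this block replaces that line rather than being added beside it. The closing sentence says the domain "is configured to get automatically renewed", which depends on the manual <code>certbot certonly</code> run above having succeeded; it would be clearer to say so.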