Certbot: Difference between revisions

imported>Onny
(Add info about renewal of certificates)
imported>Onny
(Add information about automated renewal)
Line 3: Line 3:
== Installation ==
== Installation ==


Install ''certbot'' in your current environment
Install ''certbot'' in your current environment and enable ''systemd-timer'' for automated renewal of certificates
<syntaxhighlight lang="console">
{{file|/etc/nixos/configuration.nix|nix|<nowiki>
# nix-env -iA nixos.certbot
services.certbot.enable = true;
</syntaxhighlight>
</nowiki>}}


== Usage ==
== Usage ==
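
Review bot: the new intro sentence still says to install ''certbot'' "in your current environment", but the snippet under it is now a /etc/nixos/configuration.nix fragment (services.certbot.enable = true;), which is a system-wide declarative setting and not a per-user install like the removed nix-env line. Suggest rewording to something like "Enable the ''certbot'' module in your system configuration, which also enables a ''systemd-timer'' for automated renewal of certificates", and noting that the system has to be rebuilt (nixos-rebuild switch) before the timer exists.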
Line 47: Line 47:
};
};


environment.systemPackages = with pkgs; [
services.certbot = {
   ( certbot.withPlugins (ps: with ps; [ certbot-dns-inwx ]) )
  enable = true;
];
   package = pkgs.certbot.withPlugins (ps: with ps; [ certbot-dns-inwx ]);
}
</nowiki>}}
</nowiki>}}
Shared secret must be set in the configuration but you only have to configure the value if you're using 2FA on INWX.
Shared secret must be set in the configuration but you only have to configure the value if you're using 2FA on INWX.


Manually generate certificates for <code>example.org</code> using the ''inwx''-plugin
Manually generate certificates for <code>example.org</code> using the ''inwx''-plugin
<syntaxhighlight lang="console">
<syntaxhighlight lang="console">
# certbot certonly -a dns-inwx -d example.org --register-unsafely-without-email --agree-tos
# certbot certonly -a dns-inwx -d example.org --register-unsafely-without-email --agree-tos
</syntaxhighlight>
</syntaxhighlight>


=== Automated renewal of certificates ===
Now that a specific domain is configured to get automatically renewed using the plugin, the ''systemd-timer'' of the ''certbot'' module will automatically renew it.
 
Certificates invalidate after a specific time, often aften several months. You can renew them manually after that period using following command
<syntaxhighlight lang="console">
# certbot renew
</syntaxhighlight>
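
Review bot: in the new services.certbot = { ... } block the closing } is not followed by a semicolon, so the attribute binding is unterminated and the snippet will not evaluate when pasted into configuration.nix; it should end with };. In the added "Automated renewal of certificates" section, "often aften several months" has a typo ("after"), and "renew them manually after that period" reads as renewing only once the certificate has already become invalid, which sits oddly next to the sentence saying the timer renews it automatically. Suggest stating that certbot renew can also be run by hand before the certificate expires, for example to check that renewal with the ''inwx'' plugin works.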