Certbot: Difference between revisions
From Freephile Wiki
add keytool example |
Add meza instructions |
||
Line 16: | Line 16: | ||
Ansible has a [https://docs.ansible.com/ansible/latest/letsencrypt_module.html letsencrypt module] however, using it is a two-step process. We opted instead to create a more robust Ansible playbook to install and automate certificates. | Ansible has a [https://docs.ansible.com/ansible/latest/letsencrypt_module.html letsencrypt module] however, using it is a two-step process. We opted instead to create a more robust Ansible playbook to install and automate certificates. | ||
=== Current Setup for Meza === | |||
<source lang="bash"> | |||
cd ~/src/ansible-certbot | |||
# edit host file as needed, setup DNS as needed | |||
# check if the user you expect to use can SSH to the host | |||
ssh centos@demo.qualitybox.us | |||
# activate ansible | |||
source ~/bin/ansible/hacking/env-setup | |||
ansible --version | |||
# edit letsencrypt.yml as needed to identify the host for the play | |||
ansible-playbook -i hosts letsencrypt.yml | |||
# if installing by package (default), then certbot is installed "normally". If by source, it's in /opt/certbot | |||
## on the target host | |||
# see if there are any certificates | |||
certbot certificates | |||
# fix HAProxy to make sure Apache is accessible, but don't install into Apache, just use webroot | |||
certbot --webroot -w /opt/htdocs/ -d demo.qualitybox.us | |||
# then run meza deploy to concatenate the cert files into a .pem file installed into HAproxy | |||
</source> | |||
== With HAProxy == | == With HAProxy == | ||
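Review bot: the added line "certbot --webroot -w /opt/htdocs/ -d demo.qualitybox.us" has no subcommand, so certbot falls back to its default "run", which expects an installer plugin as well as an authenticator. The comment above it says not to install into Apache, so this should read "certbot certonly --webroot -w /opt/htdocs/ -d demo.qualitybox.us". The final step is only a comment: give the actual meza deploy command to run. It would also help to state explicitly that everything after "## on the target host" is typed on demo.qualitybox.us rather than on the Ansible control machine, since the earlier "ssh centos@demo.qualitybox.us" line is only a connectivity check.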