HomeWiki

User Tools

Site Tools

Trace:
linux:apps:letsencrypt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
linux:apps:letsencrypt [2022/01/15 11:38] – created - external edit 127.0.0.1linux:apps:letsencrypt [2024/09/13 07:07] (current) oscar
Line 118: Line 118:
 <code> <code>
 #nano /lib/systemd/system/letsencrypt-renew.service #nano /lib/systemd/system/letsencrypt-renew.service
 +---------------------------------------------------
 [Unit] [Unit]
 Description=Renew LetsEncrypt certificates Description=Renew LetsEncrypt certificates
Line 163: Line 163:
 <code> <code>
 # systemctl list-timers # systemctl list-timers
 +-----------------------
 NEXT                         LEFT          LAST                         PASSED    UNIT                         ACTIVATES NEXT                         LEFT          LAST                         PASSED    UNIT                         ACTIVATES
 Fri 2018-02-16 18:00:00 UTC  2h 29min left Fri 2018-02-16 06:00:07 UTC  9h ago    renew-letsencrypt.timer      renew-letsencrypt.service Fri 2018-02-16 18:00:00 UTC  2h 29min left Fri 2018-02-16 06:00:07 UTC  9h ago    renew-letsencrypt.timer      renew-letsencrypt.service
 </code> </code>
  
-/lib/systemd/system+===== Sudoers ===== 
 +The timer/service need to restart nginx, in order to load the new certificates. However, the update script is run as user 'www-data'. To allow www-data to run systemctl restart as root, add the following file to /etc/sudoers.d: 
 +<code> 
 +visudo /etc/sudoers.d/www-data 
 +------------------------------ 
 +www-data ALL=(root) NOPASSWD: /bin/systemctl restart nginx 
 +</code> 
 + 
 +====== Troubleshooting ====== 
 +  * Check Ziggo external IPv6 / IPv4 addresses. This is likely cause when the update script timeout when reading the ./well-known/acme-challenge.
  
 ====== Links ====== ====== Links ======
linux/apps/letsencrypt.1642246727.txt.gz · Last modified: by 127.0.0.1