# Certbot

- important for [[DynDNS]]
- [Certbot installation docs](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal)

See [[nginx]] for additional information.

- Certbot config is under `/etc/letsencrypt`
- Configure Nginx configs under `/etc/nginx/conf.d`

## Create new Config for new Proxy with Certificate

1. Create a new server config in `/etc/nginx/conf.d/`, e.g. `sudo vim example.reaver1202.conf`

   ```
   server {
       listen 80;
       listen [::]:80;

       server_name example.reaver1202.selfhost.eu;

       location / {
           proxy_pass http://localhost:1480/;
           proxy_buffering off;
           proxy_set_header X-Real-IP $remote_addr;
       }
   }
   ```

2. Run Certbot for nginx: `sudo certbot --nginx`
   - Select all or a specific Nginx server config `server_name` from the provided list
   - Press 2 for the option to redirect all HTTP traffic to HTTPS
   - ==Important:== For this to work for subdomains as well, the main domain must also be reachable via Nginx etc. On 2024-07-15 it did not work because I had redirected (301) the domain to another site and wanted to set up a subdomain. It only worked once it pointed to the STRATO website (my old homepage) again.
3. Now the selected server configs have Let's Encrypt SSL certificates

## Install Certbot

### Install Certbot with Ubuntu snap

```bash
# install nginx
sudo apt-get install nginx

# update snapd
sudo snap install core; sudo snap refresh core

# install Certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
```

### --DEPRECATED since 2022-05-- Install Certbot Ubuntu 20.04 and Debian

```
sudo apt-get install certbot
sudo apt-get install python-certbot-nginx
sudo certbot --nginx
```

## Initialisation:

```
mauritz@mce-pi:~$ sudo certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
No names were found in your configuration files. Please enter in your domain
name(s) (comma and/or space separated) (Enter 'c' to cancel): c
Please specify --domains, or --installer that will help in domain names autodiscovery, or --cert-name for an existing certificate name.

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
```

### Initial Config:

```
server {
    listen 80;
    listen [::]:80;

    server_name admin-portainer.mce.selfhost.co;

    location / {
        proxy_pass http://192.168.42.38:1000/;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```

### Manipulated config by `sudo certbot --nginx`

```
server {
    server_name admin-portainer.mce.selfhost.co;

    location / {
        proxy_pass http://192.168.42.38:1000/;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/admin-portainer.mce.selfhost.co/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/admin-portainer.mce.selfhost.co/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = admin-portainer.mce.selfhost.co) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name admin-portainer.mce.selfhost.co;
    return 404; # managed by Certbot
}
```

***

Related:

- [[$-Netzwerk|Netzwerk]]
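
To check the result of the `sudo certbot --nginx` step described under "Create new Config for new Proxy with Certificate", the following added example (not part of the original note and not Certbot's own tooling) classifies every `server` block in the given config files. The function names `audit_nginx_tls` and `write_samples` and the labels `PLAINTEXT`, `TLS`, `REDIRECT` and `OTHER` are assumptions of this example; it goes slightly beyond the note by also flagging a block that has a certificate but still proxies on port 80 without a redirect.

```shell
#!/usr/bin/env bash
# Added example: classify each nginx server block after running certbot.
audit_nginx_tls() {   # args: nginx config files
  awk '
    function flush() {
      if (name == "") name = "(no server_name)"
      if (http && proxy && !redirect) state = "PLAINTEXT"  # still proxies on port 80
      else if (ssl && cert)           state = "TLS"
      else if (redirect)              state = "REDIRECT"
      else                            state = "OTHER"
      print name, state
    }
    {
      line = $0
      sub(/#.*/, "", line)            # drop comments such as "# managed by Certbot"
      if (depth == 0 && line ~ /^[ \t]*server[ \t]*[{]/) {
        in_server = 1; name = ""; ssl = cert = http = proxy = redirect = 0
      }
      if (in_server) {
        if (match(line, /server_name[ \t]+[^; \t]+/)) {
          name = substr(line, RSTART, RLENGTH); sub(/server_name[ \t]+/, "", name)
        }
        if (line ~ /listen[ \t]+(\[::\]:)?443[ \t]+ssl/) ssl = 1
        if (line ~ /listen[ \t]+(\[::\]:)?80[ \t;]/)     http = 1
        if (line ~ /ssl_certificate[ \t]/)               cert = 1
        if (line ~ /proxy_pass[ \t]/)                    proxy = 1
        if (line ~ /return[ \t]+301[ \t]+https:/)        redirect = 1
      }
      depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
      if (in_server && depth == 0) { flush(); in_server = 0 }
    }' "$@"
}
# Constructed sample configs, shortened from the before/after blocks in this note.
write_samples() {   # arg: target directory
  printf '%s\n' 'server {' '  listen 80;' '  listen [::]:80;' \
    '  server_name example.reaver1202.selfhost.eu;' \
    '  location / { proxy_pass http://localhost:1480/; }' '}' > "$1/before.conf"
  printf '%s\n' 'server {' '  server_name admin-portainer.mce.selfhost.co;' \
    '  location / { proxy_pass http://192.168.42.38:1000/; }' \
    '  listen 443 ssl; # managed by Certbot' \
    '  ssl_certificate /etc/letsencrypt/live/admin-portainer.mce.selfhost.co/fullchain.pem;' \
    '}' 'server {' '  if ($host = admin-portainer.mce.selfhost.co) {' \
    '    return 301 https://$host$request_uri;' '  } # managed by Certbot' \
    '  listen 80;' '  server_name admin-portainer.mce.selfhost.co;' \
    '  return 404; # managed by Certbot' '}' > "$1/after.conf"
}
tmp=$(mktemp -d) && write_samples "$tmp" && audit_nginx_tls "$tmp"/*.conf
```

On a real host, run `audit_nginx_tls /etc/nginx/conf.d/*.conf`; any line ending in `PLAINTEXT` is a proxy that Certbot has not yet been applied to, or one where the redirect option was not chosen.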