LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 03-14-2017, 05:23 AM   #1
kikinovak
MLED Founder
 
Registered: Jun 2011
Location: Montpezat (South France)
Distribution: Slackware, CentOS, FreeBSD
Posts: 3,310

Rep: Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843
Bundle SSL certificates with LetsEncrypt/Certbot?


Hi,

I'm using letsencrypt/certbot for managing SSL certificates, and I must say I'm quite happy so far, since everything works nice and this is finally a relatively hassle-free way of getting free certificates.

I have several domains to manage, and each domain often has several subdomains. For the moment, I have one script per domain to automate the process. Here's an example:

Code:
#!/bin/bash
#
# Create/renew SSL/TLS certificates for slackbox.fr.

DOMAIN="slackbox.fr"
DIRNAM="slackbox"
ENCRYPT="/usr/bin/certbot"
CHGRP="/usr/bin/chgrp"
CHMOD="/usr/bin/chmod"
CERTGRP="certs"
EMAIL="info@microlinux.fr"
OPTIONS="certonly \
         --preferred-challenges tls-sni-01 \
         --email $EMAIL \
         --renew-by-default \
         --agree-tos \
         --text \
         --standalone"

# Create $CERTGRP group 
if ! grep -q "^$CERTGRP:" /etc/group ; then
  groupadd -g 240 $CERTGRP
  echo ":: Added $CERTGRP group."
  sleep 3
fi

# Stop Apache
echo ":: Stopping Apache."
if ps ax | grep -v grep | grep httpd > /dev/null ; then
  /etc/rc.d/rc.httpd stop 1 > /dev/null 2>&1
  sleep 5
fi

$ENCRYPT $OPTIONS -d www.$DOMAIN -d $DOMAIN \
  --webroot-path /srv/httpd/vhosts/$DIRNAM-secure/htdocs

$ENCRYPT $OPTIONS -d mail.$DOMAIN \
  --webroot-path /srv/httpd/vhosts/$DIRNAM-webmail/htdocs

$ENCRYPT $OPTIONS -d compta.$DOMAIN \
  --webroot-path /srv/httpd/vhosts/$DIRNAM-dolibarr/htdocs

# Fix permissions
echo ":: Setting permissions."
$CHGRP -R $CERTGRP /etc/letsencrypt
$CHMOD -R g=rx /etc/letsencrypt

# Start Apache
echo ":: Starting Apache."
/etc/rc.d/rc.httpd start
And here's a similar script for a different domain (I bought these two mainly to play around):

Code:
#!/bin/bash
#
# Create/renew SSL/TLS certificates for unixbox.fr.

DOMAIN="unixbox.fr"
DIRNAM="unixbox"
ENCRYPT="/usr/bin/certbot"
CHGRP="/usr/bin/chgrp"
CHMOD="/usr/bin/chmod"
CERTGRP="certs"
EMAIL="info@microlinux.fr"
OPTIONS="certonly \
         --preferred-challenges tls-sni-01 \
         --email $EMAIL \
         --renew-by-default \
         --agree-tos \
         --text \
         --standalone"

# Create $CERTGRP group 
if ! grep -q "^$CERTGRP:" /etc/group ; then
  groupadd -g 240 $CERTGRP
  echo ":: Added $CERTGRP group."
  sleep 3
fi

# Stop Apache
echo ":: Stopping Apache."
if ps ax | grep -v grep | grep httpd > /dev/null ; then
  /etc/rc.d/rc.httpd stop 1 > /dev/null 2>&1
  sleep 5
fi

$ENCRYPT $OPTIONS -d www.$DOMAIN -d $DOMAIN \
  --webroot-path /srv/httpd/vhosts/$DIRNAM-secure/htdocs

$ENCRYPT $OPTIONS -d mail.$DOMAIN \
  --webroot-path /srv/httpd/vhosts/$DIRNAM-webmail/htdocs

# Fix permissions
echo ":: Setting permissions."
$CHGRP -R $CERTGRP /etc/letsencrypt
$CHMOD -R g=rx /etc/letsencrypt

# Start Apache
echo ":: Starting Apache."
/etc/rc.d/rc.httpd start
I simply put these scripts in /etc/cron.monthly on my server, and certificates are renewed every month. So far I've only been using SSL certificates for HTTPS, and this works fine.

For the last few days I've been experimenting with using these certificates for my mail server with Postfix and Dovecot. I've managed to get it to work perfectly, but I've come to a roadblock, because Postfix won't let me configure different SSL certificates for different domains.

Here's a very vague idea, and I confess I'm in new territories. here. Currently certificates are all stored under /etc/letsencrypt/live, in a series of directories, one per domain and/or subdomain. Here's what this looks like on my sandbox server:

Code:
# ls -1 /etc/letsencrypt/live/
compta.slackbox.fr
mail.slackbox.fr
mail.unixbox.fr
www.slackbox.fr
www.unixbox.fr
And here comes the question (finally). Is it possible to bundle up all my certificate files on the server into one big file bundle that I could put in /etc/letsencrypt/live/bundle/?

Cheers,

Niki
 
Old 03-14-2017, 07:58 AM   #2
kikinovak
MLED Founder
 
Registered: Jun 2011
Location: Montpezat (South France)
Distribution: Slackware, CentOS, FreeBSD
Posts: 3,310

Original Poster
Rep: Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843Reputation: 1843
I'll answer that myself, since I just found a working answer to the question.

https://community.letsencrypt.org/t/...l-server/11828
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Generate SSL Certificates With LetsEncrypt Debian Linux LXer Syndicated Linux News 0 01-30-2017 09:12 PM
LXer: How to setup a intermediate compatible SSL website with LetsEncrypt certificate LXer Syndicated Linux News 0 01-19-2016 04:30 PM
Can SSL Certificates be the same sleepyz Linux - Server 6 02-19-2010 10:52 AM
SSL Certificates ashiers Linux - Security 2 06-30-2006 08:39 AM
ssl certificates champ Linux - Security 2 04-05-2003 09:47 AM


All times are GMT -5. The time now is 11:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration