
To everyone saying that Caddy made it simple for automated LE; I agree, but also, it's not that difficult to set up with NGINX:

Edit /var/nginx/ssl_common.conf

  # certbot keeps symlinks to the current cert/key under live/<site>/;
  # fullchain.pem carries the intermediate so clients can build the chain.
  ssl_certificate /etc/letsencrypt/live/<site>/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/<site>/privkey.pem;
  
  # serve HTTP-01 challenge files straight from the webroot certbot writes to,
  # and never put them behind basic auth
  location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        allow all;
        root /var/www/example;
        auth_basic off;
  }
  
Edit crontab, add:

  # Mondays 02:30: renew anything close to expiry; the hook only runs when a cert was actually renewed
  30 2 * * 1 /bin/certbot -a webroot --webroot-path=/var/www/example renew --renew-hook "systemctl restart nginx"

Make the cert

  mkdir -p /var/www/example
  certbot certonly --webroot -w /var/www/example/ -d www.example.com

In your NGINX HTTPS server blocks add:

  include /var/nginx/ssl_common.conf;

That should be it...
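
Putting the pieces above together, here is a complete virtual host as an added example (not code from the comment above or from certbot's docs). It assumes the same webroot and include file as the comment, and the hypothetical file path and www.example.com name are placeholders. The point it adds is that HTTP-01 challenges arrive on port 80, so the challenge location has to be reachable in a plain-HTTP server block as well, not only in the HTTPS blocks that include ssl_common.conf; the TLS settings under the HTTPS block are conventional hardening assumed here, not something the comment specifies.

```nginx
# /etc/nginx/sites-available/www.example.com  (hypothetical path, added example)

# Port 80: answer ACME HTTP-01 challenges from the webroot certbot writes to,
# redirect every other request to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name www.example.com;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/example;      # same -w / --webroot-path given to certbot
        auth_basic off;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: certificate paths and the challenge location come from the shared
# include; everything below it is assumed hardening, not part of the original comment.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;

    include /var/nginx/ssl_common.conf;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;

    # only send HSTS once you are sure every subdomain you serve is HTTPS-capable
    add_header Strict-Transport-Security "max-age=63072000" always;

    root /var/www/example;
    location / {
        try_files $uri $uri/ =404;
    }
}
```

Run `nginx -t` after editing and before the first `certbot certonly`, so the port-80 block is live when Let's Encrypt fetches the challenge; the same `nginx -t` is worth putting in front of whatever restart or reload command the renewal hook runs, so a bad config edit cannot take the site down at 02:30 on a Monday.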


Small improvement, but `reload` should do this while gracefully terminating connections:

https://www.guyrutenberg.com/2017/01/01/lets-encrypt-reload-...

http://nginx.org/en/docs/beginners_guide.html

Basically `reload` should have the external appearance of 0 downtime.


Thanks.


Thanks for posting this. This is pretty much the setup I just replaced Caddy with and it's working well so far.



