Install Procedure for dehydrated

Requirements

To install dehydrated you will need the following:
  • an installed and supported operating system (e.g. CentOS 8.x)
  • EPEL repository
  • root-access
  • a fast internet connection

Preliminary Note

Partly taken from: https://bob.gatsmas.de/let-s-encrypt-mit-nginx-und-dehydrated
The staging environment link is (as of 2021-09-22) https://acme-staging-v02.api.letsencrypt.org/directory

Install

Install dehydrated:

yum install openssl curl sed grep mktemp
yum install dehydrated

Configure nginx

in the http section (port 80) of the respective server

location /.well-known/acme-challenge {
      alias /var/www/dehydrated;
}

mkdir -p /var/www/dehydrated
systemctl restart nginx

Test nginx

echo "Test OK" > /var/www/dehydrated/test.html

try to get the file from somewhere else

curl http://subdomain.example.com/.well-known/acme-challenge/test.html

Configure dehydrated

add domains to /etc/dehydrated/domains.txt

hostXX.example.com

add contact email address to /etc/dehydrated/config

CONTACT_EMAIL=user@example.com

register with ACME server (Let's Encrypt)

dehydrated --register --accept-terms

get certs

dehydrated -c

force renew, regardless of age

dehydrated -c -x

Configure nginx-ssl

server {
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
        server_name  hostXX.example.com;
        root         /usr/share/nginx/html;

        #ssl_certificate "/etc/pki/nginx/server.crt";
        #ssl_certificate_key "/etc/pki/nginx/private/server.key";
        ssl_certificate "/etc/dehydrated/certs/hostXX.example.com/fullchain.pem";
        ssl_certificate_key "/etc/dehydrated/certs/hostXX.example.com/privkey.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

issues/troubleshooting

certs are renewed but nginx is not picking them up

restart nginx service

dehydrated is run as a static service and should invoke a restart-hook with nginx.
It worked OK so far; I ran into this the first/only time on 2022-03-22.
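
One way to write the restart hook mentioned above, as an added example that is not part of the original page or of the dehydrated project. Assumptions: the script is saved as /etc/dehydrated/hook.sh, made executable and enabled with HOOK=/etc/dehydrated/hook.sh in /etc/dehydrated/config; it uses a reload instead of a full restart and tests the nginx configuration first.

```sh
#!/bin/sh
# Added example: dehydrated hook that reloads nginx once a new certificate is in place.
# Assumption: saved as /etc/dehydrated/hook.sh (executable) and enabled with
#   HOOK=/etc/dehydrated/hook.sh   in /etc/dehydrated/config

# Commands are kept in variables so a dry run can substitute harmless ones.
NGINX_TEST="${NGINX_TEST:-nginx -t -q}"
NGINX_RELOAD="${NGINX_RELOAD:-systemctl reload nginx}"

# dehydrated calls: deploy_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
deploy_cert() {
    domain="${1:-}"; keyfile="${2:-}"; fullchain="${4:-}"

    # nginx reads privkey.pem and fullchain.pem; both must exist and be non-empty.
    for f in "$keyfile" "$fullchain"; do
        if [ ! -s "$f" ]; then
            echo "hook: '$f' missing or empty, nginx left untouched" >&2
            return 1
        fi
    done

    # Validate the configuration (this also loads the certificate files) first,
    # so a bad renewal never takes the running server down.
    if ! $NGINX_TEST; then
        echo "hook: nginx config test failed, keeping old certificate in memory" >&2
        return 2
    fi

    # reload re-reads certificates without dropping open connections.
    $NGINX_RELOAD || return 3
    echo "hook: nginx reloaded with new certificate for $domain"
}

# dehydrated passes the operation name as the first argument; all other
# operations (deploy_challenge, clean_challenge, ...) are ignored here.
case "${1:-}" in
    deploy_cert) shift; deploy_cert "$@" ;;
esac
```

A forced renewal with dehydrated -c -x exercises the hook without waiting for the certificate to age.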

Updated by Jeremias Keihsler more than 1 year ago · 7 revisions