Aktionen
Setup dehydrated » Historie » Revision 3
« Zurück |
Revision 3/7
(Vergleich)
| Weiter »
Jeremias Keihsler, 21.09.2021 22:22
Install Procedure for dehydrated¶
Requirements¶
To install logwatch you will need the following:- a installed and supported operating system (e.g. CentOS 8.x)
- EPEL repository
- root-access
- a fast internet connection
Preliminary Note¶
partly taken from: https://bob.gatsmas.de/let-s-encrypt-mit-nginx-und-dehydrated
Install¶
Install dehydrated:
yum install openssl curl sed grep mktemp
yum install dehydrated
Configure nginx¶
im http-Bereich (Port 80) des jeweiligen Servers
location /.well-known/acme-challenge {
alias /var/www/dehydrated;
}
mkdir -p /var/www/dehydrated
systemctl restart nginx
Test nginx¶
echo "Test OK" > /var/www/dehydrated/test.html
try to get the file from somewhere else
curl http://subdomain.example.com/.well-known/acme-challenge/test.html
Configure dehydrated¶
add domains to /etc/dehydrated/domains.txt
hostXX.example.com
register with AMCE-Server (Let's Encrypt)¶
dehydrated --register --accept-terms
get certs¶
dehydrated -c
Configure nginx-ssl¶
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name hostXX.example.com;
root /usr/share/nginx/html;
#ssl_certificate "/etc/pki/nginx/server.crt";
#ssl_certificate_key "/etc/pki/nginx/private/server.key";
ssl_certificate "/etc/dehydrated/certs/hostXX.example.com/fullchain.pem";
ssl_certificate_key "/etc/dehydrated/certs/hostXX.example.com/privkey.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
Von Jeremias Keihsler vor etwa 3 Jahren aktualisiert · 3 Revisionen