Skip to content

Instantly share code, notes, and snippets.

@Bachsau
Last active July 18, 2023 15:31
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
Non-patronizing Certbot configuration
# Certbot configuration by Bachsau
# System
max-log-backups = 0
#no-random-sleep-on-renew = true
verbose = 1
# CA settings
#server = https://acme-staging-v02.api.letsencrypt.org/directory
preferred-chain = ISRG Root X1
# Account creation
#email = info@example.com
agree-tos = true
no-eff-email = true
# Installation
installer = null
disable-renew-updates = true
delete-after-revoke = true
deploy-hook = /etc/letsencrypt/deploy.sh
post-hook = invoke-rc.d apache2 reload
# Authentication
authenticator = dns-standalone
preferred-challenges = dns-01
dns-standalone-propagation-seconds = 1
# Key settings
key-type = rsa
rsa-key-size = 4096
reuse-key = true
#!/bin/sh -eu
# Install certificates after creation (by Bachsau)
CERT_NAME=${RENEWED_LINEAGE##*/}
DESTFILE=/var/tls/${CERT_NAME}.pem
umask 0177
cat "${RENEWED_LINEAGE}/privkey.pem" "${RENEWED_LINEAGE}/fullchain.pem" >"$DESTFILE"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment