@colinmcintosh
Last active May 1, 2019 03:48
Configure Ubuntu 18.04 for NGINX with LetsEncrypt including Auto-renewal using Cloudflare DNS
adduser colin
usermod -aG sudo colin
sudo visudo
# Line to set in the sudoers file (passwordless sudo for every member of the sudo group):
# %sudo ALL=(ALL:ALL) NOPASSWD: ALL
mkdir /home/colin/.ssh
cp ~/.ssh/authorized_keys /home/colin/.ssh/
chown -R colin:colin /home/colin/.ssh
exit
ssh colin@server.example.com
sudo apt update
sudo apt upgrade -y
sudo apt install nginx
sudo mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
sudo vi /etc/nginx/nginx.conf
# software-properties-common provides add-apt-repository, so install it first
sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install certbot python-certbot-nginx python-pip
sudo pip install -U pip
sudo pip install setuptools wheel
sudo pip install certbot-dns-cloudflare
sudo mkdir ~/.secrets
sudo vi ~/.secrets/cloudflare.ini
##### BEGIN INI FILE
# Cloudflare API credentials used by Certbot
dns_cloudflare_email = cloudflare-email@youremail.com
dns_cloudflare_api_key = <api key>
##### END INI FILE
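# The directory needs the execute bit to be traversed; only the file itself is 0600
sudo chmod 0700 ~/.secrets
sudo chmod 0600 ~/.secrets/cloudflare.ini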
sudo certbot -i nginx -a dns-cloudflare --dns-cloudflare-credentials ~/.secrets/cloudflare.ini --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --agree-tos --no-eff-email --no-redirect -m letsencrypt@example.com -d example.com
sudo vi /etc/nginx/nginx.conf
sudo crontab -e
# Add this line to root's crontab (daily renewal check at 01:00; the post-hook reloads NGINX):
0 1 * * * /usr/local/bin/certbot renew --quiet --post-hook "/usr/sbin/service nginx reload" > /dev/null 2>&1
sudo nginx -t
sudo service nginx restart
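
A check that could run before the renewal cron job, confirming that the Cloudflare credentials file created above is private to root and no longer holds the template value. This is an added example, not part of the original gist; the function name `audit_secret_file` is hypothetical and GNU `stat` (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example, not part of the gist. Assumes GNU stat (as on Ubuntu).
# audit_secret_file is a hypothetical helper name.

# audit_secret_file FILE [OWNER_UID]
# Prints one line per finding; returns 0 if the file is safe to use, 1 otherwise.
audit_secret_file() {
    file=$1
    owner_uid=${2:-0}          # default: file must belong to root
    rc=0

    # A symlink could point the root-run certbot at a file someone else controls.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is a symlink, missing, or not a regular file"
        return 1
    fi

    fmode=$(stat -c '%a' "$file")
    fuid=$(stat -c '%u' "$file")
    dmode=$(stat -c '%a' "$(dirname "$file")")

    # The API key must be unreadable to group and other (0600 or 0400).
    case $fmode in
        [0-7]00) ;;
        *) echo "FAIL: mode $fmode on $file grants group/other access"; rc=1 ;;
    esac
    if [ "$fuid" != "$owner_uid" ]; then
        echo "FAIL: $file is owned by uid $fuid, expected $owner_uid"; rc=1
    fi
    # A group/other-writable directory lets another user swap the file out.
    case $dmode in
        *[2367]?|*[2367]) echo "FAIL: directory mode $dmode is group/other writable"; rc=1 ;;
    esac
    # The template value from the gist must have been replaced with a real key.
    if ! grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=[[:space:]]*[^<[:space:]]' "$file"; then
        echo "FAIL: dns_cloudflare_api_key is missing or still a placeholder"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $file"
    return "$rc"
}

# Run against a path given on the command line, e.g. as root before "certbot renew".
if [ "$#" -gt 0 ]; then
    audit_secret_file "$@"
fi
```

Saved as a script, it can be run as root with the credentials path as its argument; a non-zero exit status means at least one finding was printed.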