Created
May 10, 2020 02:15
Configure Octopi with HA Proxy for LetsEncrypt including Auto-renewal using Cloudflare DNS
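# Recipe: issue a Let's Encrypt certificate for OctoPi's HAProxy through the
# Cloudflare DNS-01 challenge, then keep it renewed from root's crontab.
# Run the commands one section at a time; two steps open an editor.

# Pre-reqs
sudo apt update
sudo apt upgrade -y
sudo apt install software-properties-common certbot python-certbot-nginx python-pip
sudo pip install -U pip
sudo pip install setuptools wheel
sudo pip install certbot-dns-cloudflare

# Setup your Cloudflare API credentials
# `~` is expanded by your own shell before sudo runs, so the directory lands in
# your home directory but is owned by root.
sudo mkdir -p ~/.secrets
# A directory needs the execute bit to be traversable: 0700 for the directory,
# 0600 for the file. Locking the directory first means the credentials file is
# never readable by other users, even while it is being created.
sudo chmod 0700 ~/.secrets
sudo vi ~/.secrets/cloudflare.ini
##### BEGIN INI FILE (type these lines into the editor without the leading "# ")
# # Cloudflare API credentials used by Certbot
# dns_cloudflare_email = cloudflare-email@youremail.com
# dns_cloudflare_api_key = <api key>
##### END INI FILE
# The global API key above grants full account access. If your plugin version
# supports it, a scoped token (dns_cloudflare_api_token, Zone:DNS:Edit on this
# zone only) replaces both lines and limits what a leaked file exposes.
sudo chmod 0600 ~/.secrets/cloudflare.ini

# Get the certificate
# `certonly` obtains the certificate without touching any web server config;
# HAProxy is wired up by hand in the next step.
sudo certbot certonly \
  -a dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/cloudflare.ini \
  --preferred-challenges dns-01 \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos \
  --no-eff-email \
  --no-redirect \
  -m letsencrypt@yourdomain.com \
  -d octopi.yourdomain.com

# Copy the certs into the correct file and restart haproxy
# certbot names its files fullchain.pem and privkey.pem. The redirection has to
# happen inside the root shell, and the combined file holds the private key, so
# it is created and kept at 0600.
sudo sh -c 'umask 077 && cat /etc/letsencrypt/live/octopi.yourdomain.com/fullchain.pem /etc/letsencrypt/live/octopi.yourdomain.com/privkey.pem > /etc/ssl/snakeoil.pem && chmod 0600 /etc/ssl/snakeoil.pem'
sudo systemctl reload haproxy

# Setup auto-renewal
sudo crontab -e
# Add the following line to root's crontab (without the leading "# ").
# --deploy-hook runs only after a certificate was actually renewed, so HAProxy
# is not reloaded on every nightly check. Output is no longer sent to
# /dev/null: --quiet already suppresses everything except errors, and those
# should reach cron's mail/log so a failing renewal is noticed before expiry.
# 0 1 * * * /usr/local/bin/certbot renew --quiet --deploy-hook "umask 077 && cat /etc/letsencrypt/live/octopi.yourdomain.com/fullchain.pem /etc/letsencrypt/live/octopi.yourdomain.com/privkey.pem > /etc/ssl/snakeoil.pem && chmod 0600 /etc/ssl/snakeoil.pem && systemctl reload haproxy"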