t-okkn/certbot.md

## certbot.md

      
    Raw
  

              certbot.md
            
          
    Let's Encrypt証明書の自動更新

OSの環境はUbuntu, Arch Linuxにて確認しております。

また、Webサーバはnginxを想定して作成しております。

なお、 systemd-networkd と systemd-networkd-wait-online をenableにしておく必要があります。
$ curl -sSL https://gist.githubusercontent.com/t-okkn/52e1012d219b532a1ad711d4d30f3211/raw/cce276f9e2c103760410476e5646c6add93a7f3c/certbot.service | sudo tee /etc/systemd/system/certbot.service
$ curl -sSL https://gist.githubusercontent.com/t-okkn/52e1012d219b532a1ad711d4d30f3211/raw/cce276f9e2c103760410476e5646c6add93a7f3c/certbot.timer | sudo tee /etc/systemd/system/certbot.timer

$ sudo systemctl enable --now certbot.service
$ sudo systemctl enable --now certbot.timer


## certbot.service
[Unit]
Description=Let's Encrypt Certificate Renewal
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos --post-hook "systemctl reload nginx"

[Install]
WantedBy=network-online.target

## certbot.timer
[Unit]
Description=Once weekly renewal of Let's Encrypt's certificates

[Timer]
OnCalendar=Sun *-*-* 04:15:15
RandomizedDelaySec=30min
Persistent=true

[Install]
WantedBy=timers.target
	[Unit]
	Description=Let's Encrypt Certificate Renewal
	Wants=network-online.target
	After=network-online.target

	[Service]
	Type=oneshot
	ExecStart=/usr/bin/certbot renew --quiet --agree-tos --post-hook "systemctl reload nginx"

	[Install]
	WantedBy=network-online.target
	[Unit]
	Description=Once weekly renewal of Let's Encrypt's certificates

	[Timer]
	OnCalendar=Sun --* 04:15:15
	RandomizedDelaySec=30min
	Persistent=true

	[Install]
	WantedBy=timers.target