Fork of https://gist.github.com/ysc3839/6e967c4541f585107eebb6bb777a7935, running as legouser with the OVH DNS challenge. Thank you.
Systemd timer for lego
Since I had snap on the server, I installed lego with sudo snap install lego (and have since regretted it, but went with it anyway).
Restarting Apache turned out to be a bit difficult with the renew hook, hence the restart service (which is run every time the lego service runs).
I'm creating the certs in /etc/legossl/ with group www-data so that the webserver can read them.
Alternatively one could go with Certbot, which also nicely documents the OVH credential creation (certbot-dns-ovh). Since I had some trouble with my internal addresses and local DNS, which resulted in lego trying to use internal.example.com as the zone for site.internal.example.com (and OVH rejecting the request because of the incorrect zone), I went with --dns.resolvers 1.1.1.1:53, which bypasses the problem.
Place lego.service, lego.timer and apache-restart.service in /etc/systemd/system.
Place config in /var/lib/lego, and webserver-reload.sh in /home/legouser/snap/lego/common/chmod.sh (chown legouser:legouser, +x) so that snap can read it.
You should modify config (chmod 600, chown legouser:legouser).
Finally execute sudo systemctl enable lego.timer.
You need to create this directory and use lego ... run to create the acme account.
Mistakes should be expected, so do start with the staging server.
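As an added example (not the gist's own webserver-reload.sh or apache-restart.service), here is a renew hook that installs the certificate lego just wrote into /etc/legossl with the group-readable layout described above and then reloads Apache; the destination directory, the www-data group and the LEGO_CERT_DOMAIN / LEGO_CERT_PATH variables lego exports to its hooks are assumed.

```shell
#!/bin/sh
# Example renew hook (added here, not part of the gist): copy DOMAIN.crt and
# DOMAIN.key into a directory the webserver group may read, then reload Apache.
set -eu

# install_certs SRC_DIR DOMAIN DEST_DIR GROUP
# Files end up owned by the calling user, group GROUP, mode 0640, and are
# written via a temp file + rename so the webserver never sees a half-written key.
install_certs() {
    src_dir=$1; domain=$2; dest_dir=$3; group=$4
    for ext in crt key; do
        [ -f "$src_dir/$domain.$ext" ] || { echo "missing $src_dir/$domain.$ext" >&2; return 1; }
    done
    mkdir -p "$dest_dir"
    chgrp "$group" "$dest_dir"
    chmod 750 "$dest_dir"                  # group may enter the directory, others may not
    for ext in crt key; do
        tmp=$(mktemp "$dest_dir/.$domain.$ext.XXXXXX")   # mktemp creates it 0600
        cat "$src_dir/$domain.$ext" > "$tmp"
        chgrp "$group" "$tmp"
        chmod 640 "$tmp"                   # owner rw, webserver group r, nobody else
        mv -f "$tmp" "$dest_dir/$domain.$ext"
    done
}

# reload_webserver: reload (not restart) apache2, and only if it is running.
reload_webserver() {
    if command -v systemctl >/dev/null 2>&1 && systemctl is-active --quiet apache2; then
        systemctl reload apache2
    fi
}

# lego sets LEGO_CERT_DOMAIN and LEGO_CERT_PATH (path of the .crt) for its hooks
# (assumed here); outside a hook nothing runs, so the file can be sourced safely.
if [ -n "${LEGO_CERT_DOMAIN:-}" ]; then
    install_certs "$(dirname "${LEGO_CERT_PATH:?}")" "$LEGO_CERT_DOMAIN" /etc/legossl www-data
    reload_webserver
fi
```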