Certbot Installation and Configuration (Ubuntu)
1. Installation:
Begin by updating your package list and installing Certbot using the following commands:
sudo apt update
sudo apt install certbot python3-certbot-nginx
2. Configuring Certbot for Nginx:
Certbot offers automated Nginx configuration. Execute the command below to acquire and install a certificate. Certbot will modify your Nginx configuration to enable HTTPS:
sudo certbot --nginx
Certbot will lead you through the process, prompting for the domain names you wish to secure. It will then handle the automatic configuration of your Nginx server block(s) with the new certificate.
> Note: If opting for the standalone method (not recommended if Nginx is already active), replace '--nginx' with '--standalone'.
3. Certificate Renewal:
Certificates issued by Certbot have a 90-day lifespan. Automate the renewal process with a cron job that renews certificates nearing expiration. Certbot ensures that only certificates due for renewal are processed.
To create the cron job, enter the following command:
sudo crontab -e
Insert this line into the crontab configuration to renew certificates daily at midnight:
0 0 * * * /usr/bin/certbot renew
The crontab format follows:
* * * * * command(s)
- - - - -
| | | | |
| | | | ----- Day of week (0 - 7) (Sunday=0 or 7)
| | | ------- Month (1 - 12)
| | --------- Day of month (1 - 31)
| ----------- Hour (0 - 23)
------------- Minute (0 - 59)
Certbot only renews certificates that are within 30 days of expiration, so running the renewal job daily is safe.
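To confirm the daily job is actually keeping certificates fresh, the check below (an added example, not part of the original post) classifies a certificate by the time left before it expires. It assumes Certbot's default /etc/letsencrypt/live/<domain>/cert.pem layout and GNU date; the function name cert_state, the script name and the 21-day alert threshold are introduced here for illustration.

```shell
#!/bin/sh
# Added example: report whether the daily "certbot renew" job is keeping up.
RENEW_WINDOW_DAYS=30   # from the text: Certbot renews within 30 days of expiry
ALERT_DAYS=21          # assumption: still unrenewed this late = renewals failing

# cert_state "<notAfter=... line from openssl>" <now-epoch-seconds>
# Prints one of: ok | renewal-due | overdue | expired
cert_state() {
    cs_end=$(date -u -d "${1#notAfter=}" +%s) || return 2   # GNU date (Ubuntu)
    cs_left=$(( cs_end - $2 ))
    if [ "$cs_left" -le 0 ]; then
        echo expired
    elif [ "$cs_left" -lt $(( ALERT_DAYS * 86400 )) ]; then
        echo overdue
    elif [ "$cs_left" -lt $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        echo renewal-due
    else
        echo ok
    fi
}

# Usage: sudo sh check-cert.sh example.com   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
    cert="/etc/letsencrypt/live/$1/cert.pem"   # Certbot's default location
    enddate=$(openssl x509 -in "$cert" -noout -enddate) || exit 2
    state=$(cert_state "$enddate" "$(date +%s)") || exit 2
    echo "$1: $state ($enddate)"
    case $state in
        ok|renewal-due) exit 0 ;;
        *)              exit 1 ;;   # non-zero so cron or monitoring can alert
    esac
fi
```

A result of overdue or expired means the cron entry, the HTTP challenge or the Nginx reload is failing and needs attention before visitors see certificate errors.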
4. Domain and Email Configuration:
When obtaining the certificate, customize your domain and email settings using this command:
sudo certbot certonly -d example.com --standalone -m your@email.com --agree-tos -n --no-eff-email
Replace 'example.com' with your actual domain and 'your@email.com' with your email address. The '--no-eff-email' flag declines sharing your email address with the EFF.
5. Nginx Reload or Restart:
After acquiring or renewing certificates, apply the changes by reloading or restarting Nginx:
sudo systemctl reload nginx
By following these steps, you can successfully install Certbot, configure it for Nginx, secure your domain, and establish automated SSL certificate renewal on an Ubuntu server.