Letsencrypt Wildcard With Hetzner DNS

https://community.hetzner.com/tutorials/letsencrypt-dns

Example domain: felixhummel.de

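# Install the tooling and the Hetzner DNS hook scripts used for certbot's
# manual DNS-01 challenge (needed for a wildcard certificate).
apt install curl jq certbot

# The API token is a secret. Create the file with mode 0600 *before* writing
# it: a plain `cat > file` would create it with the default umask (0644),
# leaving the token world-readable. Paste the token, then Ctrl-D.
install -m 0600 /dev/null /etc/hetzner-dns-token
cat > /etc/hetzner-dns-token  # https://dns.hetzner.com/settings/api-token

# -f: an HTTP error (404, 5xx) must not be saved as an "executable" hook;
# -sS: quiet, but still print errors; -L: follow redirects.
# These scripts run as root during issuance and (presumably) read the token
# file above — read them before the certbot run, and consider pinning a
# specific commit instead of `master` so the content cannot change silently.
curl -fsSL https://raw.githubusercontent.com/felixhummel/hetzner-dns-certbot/master/certbot-hetzner-auth.sh -o /usr/local/bin/certbot-hetzner-auth.sh
curl -fsSL https://raw.githubusercontent.com/felixhummel/hetzner-dns-certbot/master/certbot-hetzner-cleanup.sh -o /usr/local/bin/certbot-hetzner-cleanup.sh
chmod +x /usr/local/bin/certbot-hetzner-auth.sh /usr/local/bin/certbot-hetzner-cleanup.sh

# The wildcard is quoted so the shell does not try to glob-expand `*`.
certbot certonly --manual --preferred-challenges=dns \
  --manual-auth-hook /usr/local/bin/certbot-hetzner-auth.sh \
  --manual-cleanup-hook /usr/local/bin/certbot-hetzner-cleanup.sh \
  -d felixhummel.de -d '*.felixhummel.de'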

https://stevenwestmoreland.com/2017/11/renewing-certbot-certificates-using-a-systemd-timer.html

Note: the units below are named certbot-renew, not certbot-renewal.

# Renewal service; it is not started directly but by certbot-renew.timer.
# After the renewal attempt the post-hook reloads caddy so the (possibly)
# renewed files are picked up. Quoted delimiter: nothing is expanded.
cat > /etc/systemd/system/certbot-renew.service <<'UNIT'
[Unit]
Description=Certbot Renewal

[Service]
ExecStart=/usr/bin/certbot renew --post-hook "systemctl reload caddy"
UNIT

# Timer driving certbot-renew.service: first run 5 minutes after boot, then
# once a week measured from the previous activation. Quoted delimiter:
# nothing is expanded.
cat > /etc/systemd/system/certbot-renew.timer <<'UNIT'
[Unit]
Description=Timer for Certbot Renewal

[Timer]
OnBootSec=300
OnUnitActiveSec=1w

[Install]
WantedBy=multi-user.target
UNIT

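# Make systemd re-read unit files first: a brand-new unit is picked up on
# demand, but if the files above were *edited* on a re-run, systemd keeps
# serving the cached definition until daemon-reload.
systemctl daemon-reload
# enable --now: enable the timer for future boots and start it immediately.
systemctl enable --now certbot-renew.timer
systemctl status certbot-renew.timer
# The timer's output lands in the journal of the *service* it triggers.
journalctl -u certbot-renew.service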

Allow the user caddy to read /etc/letsencrypt/:

# Grant caddy read (r) plus directory-traverse (X: execute only on directories
# or files that already have it) on the whole tree, and the same as a default
# ACL (d:) so files certbot creates on renewal inherit the access.
# NOTE(review): this exposes every private key under /etc/letsencrypt/ to caddy
# (including the archive/ files that live/ points at); narrow the path if caddy
# only needs some of the certificates.
setfacl --recursive --modify u:caddy:rX,d:u:caddy:rX /etc/letsencrypt/

# check: walk the path as caddy and show the permissions of every component.
# The glob is expanded by the invoking (root) shell, not by caddy.
sudo -Hnu caddy namei -l /etc/letsencrypt/live/*/privkey.pem