https://docs.saltproject.io/en/latest/ref/states/all/salt.states.acme.html doesn't have a way to use the nginx certbot plugin (`python3-certbot-nginx`).

Rough steps:

1. Add an nginx site, using the `acme` configuration
2. Run `certbot --nginx -d DOMAIN`

   This outputs "Certbot has set up a scheduled task to automatically renew this certificate in the background." I assume this is true, so that no crontab needs to be manually configured.
3. Change the configuration to e.g. `dream-bi`

Certbot does this for port 80:

```nginx
server {
    if ($host = ocp25.open-contracting.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name ocp25.open-contracting.org ;
    return 404; # managed by Certbot
}
```

I'm not sure what this looks like when multiple domains are on the same cert. In any case, we do this, from Mozilla:

/etc/letsencrypt/options-ssl-nginx.conf contains the following, which is close enough to Mozilla:
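
One way to check "close enough" mechanically, as an added example that is not part of the original issue, of Certbot or of Mozilla's guidelines: diff the TLS directives of two nginx snippets after normalizing time units and ordering. The function names are hypothetical and both sample snippets are constructed for illustration with shortened cipher lists; substitute the contents of the real files.

```python
import re

# Directives that decide the TLS posture; everything else is ignored.
TLS_DIRECTIVES = {"ssl_protocols", "ssl_ciphers", "ssl_prefer_server_ciphers",
                  "ssl_session_tickets", "ssl_session_timeout"}
UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}  # subset of nginx units

def normalize(name, value):
    if name == "ssl_protocols":
        return frozenset(value.split())   # order is irrelevant
    if name == "ssl_ciphers":
        return tuple(value.split(":"))    # order is the preference order
    if name == "ssl_session_timeout":
        m = re.fullmatch(r"(\d+)([smhd]?)", value)
        return int(m.group(1)) * UNIT_SECONDS[m.group(2)] if m else value
    return value.lower()

def parse_directives(conf):
    """Return {directive: normalized value} for the TLS directives in a snippet."""
    found = {}
    for statement in re.sub(r"#[^\n]*", "", conf).split(";"):
        parts = statement.split(None, 1)
        if len(parts) == 2 and parts[0] in TLS_DIRECTIVES:
            found[parts[0]] = normalize(parts[0], parts[1].strip().strip("\"'"))
    return found

def compare(candidate, baseline):
    """Return {directive: difference} for each TLS directive that differs."""
    cand, base = parse_directives(candidate), parse_directives(baseline)
    diffs = {}
    for name in sorted(set(cand) | set(base)):
        c, b = cand.get(name), base.get(name)
        if c == b:
            continue
        if isinstance(c, (tuple, frozenset)) and isinstance(b, (tuple, frozenset)):
            extra, missing = sorted(set(c) - set(b)), sorted(set(b) - set(c))
            diffs[name] = (f"extra={extra} missing={missing}" if extra or missing
                           else "same entries, different order")
        else:
            diffs[name] = f"candidate={c!r} baseline={b!r}"
    return diffs

# Constructed sample inputs with shortened cipher lists, not the real files.
CANDIDATE = """ssl_session_timeout 1440m; ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256";"""
BASELINE = """ssl_session_timeout 1d; ssl_session_tickets off;
ssl_protocols TLSv1.3 TLSv1.2;  # same set, other order
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305;"""
```

`compare(CANDIDATE, BASELINE)` returns an empty dict when the two snippets agree on every compared directive; here it reports only the cipher missing from the candidate, because `1440m` and `1d` normalize to the same timeout and protocol order is ignored.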