Recommendation on how to set up a central Let's Encrypt server for internal domain?

Discussion in 'Software Stuff' started by spyrule, Apr 13, 2019.

  1. spyrule

    Hey,

    So this is something that I've been meaning to get to forever, and now that Let's Encrypt supports wildcard SSL certs, I'd like to set up a central Linux box to generate the main certificate that I can use to secure my servers (all intranet-based servers). I'd like to attempt to automate this as much as possible.

    Does anybody have a decent instruction set (or link to) on how to setup from scratch a server dedicated to doing this?

    I'm not a deep Linux expert by any means (I can get my way around a CLI though). Hence the reason why I'm asking.

    Thanks in advance.
     
    #1
  2. GuybrushThreepwood

    I don't have many internal servers requiring it, but for those I do, I have the following simple script running on cron.
    I use certbot to generate a wildcard cert and its subsequent renewals, with the following post-hook script:
    certbot -q renew --post-hook "/bin/systemctl reload nginx; /root/update-cert-to-remote-hosts.sh"

    In update-cert-to-remote-hosts.sh, I have the following commands listed per internal server:
    Code:
    #!/bin/bash
    # For each internal server: copy everything in the live/ directory for the
    # domain (certificate, chain and private key) over SSH as root, then reload
    # nginx on that server so it picks up the new certificate.
    /usr/bin/scp /etc/letsencrypt/live/domain.tld/* root@server1:/etc/nginx/ssl/domain.tld/
    /usr/bin/ssh root@server1 systemctl reload nginx
    /usr/bin/scp /etc/letsencrypt/live/domain.tld/* root@server2:/etc/nginx/ssl/domain.tld/
    /usr/bin/ssh root@server2 systemctl reload nginx
    /usr/bin/scp /etc/letsencrypt/live/domain.tld/* root@server3:/etc/nginx/ssl/domain.tld/
    /usr/bin/ssh root@server3 systemctl reload nginx
     
    #2
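
A variant of the push script in post #2, as an added example that is not part of the original thread: it is written to run as a certbot `--deploy-hook` (certbot sets `RENEWED_LINEAGE` to the renewed `live/` directory), copies only `fullchain.pem` and `privkey.pem`, and reloads nginx on a host only after the copy and `nginx -t` succeed. The host names, remote path and root SSH access are the ones from the post; `HOSTS`, `SCP`, `SSH`, `FAILED_HOSTS` and the function names are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not the poster's script. Host names, remote path and root SSH
# come from the post above; HOSTS, SCP, SSH and the function names are assumed.
HOSTS="${HOSTS:-server1 server2 server3}"
REMOTE_DIR="${REMOTE_DIR:-/etc/nginx/ssl/domain.tld}"
SCP="${SCP:-/usr/bin/scp}"
SSH="${SSH:-/usr/bin/ssh}"
FAILED_HOSTS=""

# Refuse to ship an incomplete lineage (missing or empty chain or key).
check_lineage() {
    [ -s "$1/fullchain.pem" ] && [ -s "$1/privkey.pem" ]
}

# $1 = host, $2 = lineage directory. Copy only the two files nginx needs,
# then test the remote config before reloading. A failed copy, chmod or
# "nginx -t" means that host is not reloaded.
push_host() {
    $SCP -q -p "$2/fullchain.pem" "$2/privkey.pem" "root@$1:$REMOTE_DIR/" || return 1
    $SSH "root@$1" "chmod 600 '$REMOTE_DIR/privkey.pem' && nginx -t && systemctl reload nginx"
}

# Try every host even if one fails; record failures in FAILED_HOSTS and
# return non-zero so cron mail or monitoring notices a partial rollout.
deploy_all() {
    FAILED_HOSTS=""
    check_lineage "$1" || { echo "incomplete lineage: $1" >&2; return 1; }
    for host in $HOSTS; do
        if push_host "$host" "$1"; then
            echo "updated $host"
        else
            echo "FAILED $host" >&2
            FAILED_HOSTS="${FAILED_HOSTS:+$FAILED_HOSTS }$host"
        fi
    done
    [ -z "$FAILED_HOSTS" ]
}

# certbot sets RENEWED_LINEAGE when it runs a deploy hook; without it, do nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_all "$RENEWED_LINEAGE" || exit 1
fi
```

Because the private key still lands on every host, each of those servers can impersonate any name under the wildcard; keeping the key at mode 600 and pushing only to hosts that terminate TLS limits that exposure.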