Recommendation on how to set up a central Let's Encrypt server for an internal domain?


spyrule

Hey,

So this is something that I've been meaning to get to forever, and now that Let's Encrypt supports wildcard SSL certs, I'd like to set up a central Linux box that I can use to generate the main certificate for securing my servers (all intranet-based servers). I'd like to attempt to automate this as much as possible.

Does anybody have a decent instruction set (or a link to one) on how to set up, from scratch, a server dedicated to doing this?

I'm not a deep Linux expert by any means (I can get my way around a CLI, though). Hence why I'm asking.

Thanks in advance.
 
Aug 2, 2015
I don't have many internal servers requiring it, but for those I do, I have the following simple script running on cron.
I use certbot to generate a wildcard cert and its subsequent renewals, with the following post-hook script:
certbot -q renew --post-hook "/bin/systemctl reload nginx; /root/update-cert-to-remote-hosts.sh"

In update-cert-to-remote-hosts.sh, I have the following commands listed per internal server:
Code:
#!/bin/bash
# Runs as certbot's post-hook on the central box: copies the whole live/
# directory of the wildcard cert to each internal server as root, then
# reloads nginx there. server1..3 and domain.tld are placeholders.
for server in server1 server2 server3; do
    /usr/bin/scp /etc/letsencrypt/live/domain.tld/* root@${server}:/etc/nginx/ssl/domain.tld/
    /usr/bin/ssh root@${server} systemctl reload nginx
done
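For anyone building this out from the script above, here is an added example of the same push-to-internal-hosts idea with the checks I'd want before a cert lands on production boxes. It is not the poster's script and not anything shipped by certbot. It hangs off certbot's --deploy-hook rather than --post-hook: a deploy hook runs once per certificate that was actually renewed (a post-hook runs after any renewal attempt, including a failed one) and certbot exports RENEWED_LINEAGE pointing at the live/ directory, so the script knows which cert to ship and does nothing on the cron ticks where nothing changed. Everything else is an assumption you'd adapt: the hosts file at /etc/cert-push/hosts, a non-root "certdeploy" account on each target that owns the cert directory and has a sudoers entry for exactly "nginx -t" and "systemctl reload nginx", and the host and path names. Before copying anything it refuses to deploy if fullchain.pem and privkey.pem don't belong together or the cert is within 30 days of expiry, copies only the two files nginx needs (not the whole live/ directory), locks the key to 0600 and runs nginx -t on the target before the reload.

```bash
#!/bin/bash
# Added example (not the poster's script): a certbot deploy hook that pushes
# a renewed wildcard cert from the central box to internal nginx hosts.
# Install with:
#   certbot -q renew --deploy-hook /usr/local/sbin/push-cert.sh
# certbot runs a --deploy-hook once per certificate that was actually renewed
# and exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/domain.tld).
set -eu

# Assumed layout: one "host destdir" pair per line, '#' starts a comment.
HOSTS_FILE="${HOSTS_FILE:-/etc/cert-push/hosts}"
# Assumed non-root deploy account on every target; it owns destdir and its
# sudoers entry permits exactly "nginx -t" and "systemctl reload nginx".
DEPLOY_USER="${DEPLOY_USER:-certdeploy}"
# Overridable transports: SSH=echo SCP=echo gives an offline dry run.
SSH="${SSH:-ssh -o BatchMode=yes}"
SCP="${SCP:-scp -q}"

# Print "host dir" pairs from the hosts file, minus comments and blank lines.
parse_hosts() {
  sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"
}

# True if the public key inside the cert equals the one derived from the key.
cert_key_match() {
  cert_pub=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if the cert is still valid for at least $2 days.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Copy only what nginx needs, lock the key down, test the config, then reload.
push_to_host() {
  host="$1"; dir="$2"; lineage="$3"
  $SCP "$lineage/fullchain.pem" "$lineage/privkey.pem" "$DEPLOY_USER@$host:$dir/" || return 1
  $SSH "$DEPLOY_USER@$host" "chmod 600 '$dir/privkey.pem' && sudo nginx -t && sudo systemctl reload nginx" || return 1
  echo "deployed $lineage to $host:$dir"
}

# Validate the lineage once, then push it to every host; non-zero if anything failed.
push_all() {
  lineage="$1"; rc=0
  [ -r "$HOSTS_FILE" ] || { echo "hosts file $HOSTS_FILE not readable" >&2; return 4; }
  cert_key_match "$lineage/fullchain.pem" "$lineage/privkey.pem" \
    || { echo "refusing to deploy: cert and key in $lineage do not match" >&2; return 2; }
  cert_valid_for_days "$lineage/fullchain.pem" 30 \
    || { echo "refusing to deploy: $lineage/fullchain.pem expires within 30 days" >&2; return 3; }
  while read -r host dir; do
    [ -n "$host" ] || continue
    if [ -z "$dir" ]; then echo "bad hosts line for '$host'" >&2; rc=1; continue; fi
    push_to_host "$host" "$dir" "$lineage" || { echo "push to $host failed" >&2; rc=1; }
  done <<EOF
$(parse_hosts "$HOSTS_FILE")
EOF
  return $rc
}

# certbot sets RENEWED_LINEAGE; run by hand without it, the script does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  push_all "$RENEWED_LINEAGE"
fi
```

To see what it would do without touching any host, run it as `SSH=echo SCP=echo RENEWED_LINEAGE=/etc/letsencrypt/live/domain.tld ./push-cert.sh`: the scp and ssh command lines are printed instead of executed, but the cert/key and expiry checks still run against the real files. The deploy account only needs an ssh key from the central box in its authorized_keys (ideally with `from=` restricted to that box) plus the two sudoers commands; the private key never has to cross the wire as root.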