Copy Let’s Encrypt certificate to another server after renewal

Posted on by
Reply

Steps:

    1. Set Up Passwordless SSH Access

    Ensure that the server running Let’s Encrypt (Server1) can connect to the target server (Server2) via SSH without a password:

    On Server1, generate an SSH key pair (if not already created):

    ssh-keygen -t rsa -b 4096

    Copy the public key to Server2:

    ssh-copy-id user@server2

    Replace user with the username on Server2.

    2. Create a Script for Copying Certificates

    On Server1, create a script (e.g., copy_cert.sh) to copy the certificate files to Server2:

    #!/bin/bash
    REMOTE_USER="user"
    REMOTE_SERVER="server2"
    REMOTE_PATH="/path/to/certificates"

    scp /etc/letsencrypt/live/yourdomain.com/fullchain.pem ${REMOTE_USER}@${REMOTE_SERVER}:${REMOTE_PATH}/
    scp /etc/letsencrypt/live/yourdomain.com/privkey.pem ${REMOTE_USER}@${REMOTE_SERVER}:${REMOTE_PATH}/

    Replace yourdomain.com with your domain.

    Replace /path/to/certificates with the directory on Server2 where the certificates should be stored.

    Make the script executable:

    chmod +x copy_cert.sh

    3. Test the Script

    Run the script manually to ensure the certificates are copied successfully

    ./copy_cert.sh

    4. Use Certbot’s --deploy-hook

    Modify the Certbot renewal configuration to include a deploy hook that runs the script after successful renewal. You can add this directly when renewing or use an existing configuration:

    certbot renew --deploy-hook "/path/to/copy_cert.sh"

    Alternatively, edit the renewal configuration file (usually located at /etc/letsencrypt/renewal/yourdomain.com.conf):

    renew_hook = /path/to/copy_cert.sh

    5. Ensure Scheduled Renewal

    Certbot typically installs a cron job or systemd timer for automatic renewal. Verify it:

    For cron: Check /etc/cron.d/certbot.

    For systemd: Check certbot.timer with:

    systemctl list-timers | grep certbot

    6. Restart Services on Server2 (Optional)

    If the certificates are used by a service (e.g., Nginx or Apache) on Server2, modify the script to restart the service:

    ssh ${REMOTE_USER}@${REMOTE_SERVER} "sudo systemctl reload nginx"

    Now, whenever the certificate is renewed on Server1, it will automatically be copied to Server2 and (optionally) reload the relevant service.

    Промяна на предназначението на земеделски земи

    Posted on by
    Reply
    Промяна на предназначението на земеделски земи

    How to Be More Approachable: 15 Pro Tips You’re Not Using

    Posted on by
    Reply

    https://www.scienceofpeople.com/ways-to-become-more-approachable

    How to Install Nginx on Ubuntu 24.04 LTS (Step by Step)

    Posted on by
    Reply

    https://www.linuxtechi.com/install-nginx-web-server-on-ubuntu

    https://docs.vultr.com/how-to-install-nginx-web-server-on-ubuntu-24-04

    How to Install Plex Media Server on Ubuntu 24.04, 22.04, or 20.04

    Posted on by
    Reply

    https://linuxcapable.com/install-plex-media-server-on-ubuntu-linux