Category Archives: Howto
WireGuard Server on a GL.iNet Router
How to Set Up a WireGuard Server on a GL.iNet Router
How to Set Up VPN Server (Flint 3) + VPN Client (Slate 7) in Minutes?
Does GL.iNet belong in your Home Network, and does it do VLANs? Hot Take! Flint
The Best Cheap Car Rental Hacks Nobody Talks About
Metasearch websites:
kayak.com
autorentals.com
How To Install a 240 Volt Outlet | Electric Car Charging
WireGuard and pivpn
PiVPN (https://www.pivpn.io/) – You can install it on any Debian-based OS, including Ubuntu.
Letsencrypt and Certbot
Certbot User Guide
https://eff-certbot.readthedocs.io/en/latest/using.html
Instructions to install Certbot and a DNS plugin:
https://certbot.eff.org/instructions?ws=nginx&os=snap&tab=wildcard
Request a certificate via Cloudflare plugin:
Remove the snap Certbot (if it exists):
sudo snap remove certbot
Install Certbot via APT (Debian/Ubuntu package):
sudo apt update
sudo apt install certbot python3-certbot-dns-cloudflare
Request a certificate:
# certbot-dns-cloudflare plugin
# https://certbot-dns-cloudflare.readthedocs.io/en/stable/
sudo certbot certonly \
--dns-cloudflare \
--dns-cloudflare-credentials /root/.secrets/certbot/cloudflare.ini \
--dns-cloudflare-propagation-seconds 60 \
-d mycompliancetracker.com \
-d '*.mycompliancetracker.com' \
-d myctracker.com \
-d '*.myctracker.com' \
-d myctrackerpro.com \
-d '*.myctrackerpro.com'
cloudflare.ini content
# cloudflare.ini
# Cloudflare API token used by Certbot
# Get it from https://dash.cloudflare.com/profile/api-tokens
# You have to create a new one - you cannot see the value of an existing one.
# The token needs Zone:DNS:Edit permission
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567
Change the permissions of the file:
sudo chmod 600 /root/.secrets/certbot/cloudflare.ini
Test automatic renewal
sudo certbot renew --dry-run
Delete a certificate
certbot delete --cert-name mycompliancetracker.com
# or to choose from a list:
certbot delete
Sync the certificates
ssh-keygen -t rsa -b 4096 -C "Let's Encrypt sync key" -f ~/.ssh/letsencrypt_sync_key
ssh-copy-id ubuntu@dev-server.mycompliancetracker.com
ssh-copy-id -f -i ~/.ssh/letsencrypt_sync_key.pub -o IdentityFile=~/.ssh/dev-server.mycompliancetracker.com ubuntu@dev-server.mycompliancetracker.com
ssh-copy-id -f -i ~/.ssh/letsencrypt_sync_key.pub angel@ionos-ubuntu-01.anichin.com
# Test logging in with the new key - works
ssh -o 'IdentityFile=/root/.ssh/letsencrypt_sync_key' 'ubuntu@dev-server.mycompliancetracker.com'
ssh -o 'IdentityFile=/root/.ssh/letsencrypt_sync_key' 'angel@ionos-ubuntu-01.anichin.com'
ssh -o 'IdentityFile=/root/.ssh/letsencrypt_sync_key' 'root@ionos-ubuntu-01.anichin.com'
Transfer Certificates to Target Server
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/live/anichin.com && rsync" /etc/letsencrypt/live/anichin.com/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/live/anichin.com/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/archive/anichin.com && rsync" /etc/letsencrypt/archive/anichin.com/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/archive/anichin.com/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/renewal && rsync" /etc/letsencrypt/renewal/anichin.com.conf angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/renewal/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/live/pautalia.ca && rsync" /etc/letsencrypt/live/pautalia.ca/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/live/pautalia.ca/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/archive/pautalia.ca && rsync" /etc/letsencrypt/archive/pautalia.ca/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/archive/pautalia.ca/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/renewal && rsync" /etc/letsencrypt/renewal/pautalia.ca.conf angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/renewal/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/live/vickisplace.org && rsync" /etc/letsencrypt/live/vickisplace.org/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/live/vickisplace.org/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/archive/vickisplace.org && rsync" /etc/letsencrypt/archive/vickisplace.org/ angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/archive/vickisplace.org/
rsync -avz -e "ssh -i /root/.ssh/letsencrypt_sync_key" --rsync-path="mkdir -p /home/angel/letsencrypt/renewal && rsync" /etc/letsencrypt/renewal/vickisplace.org.conf angel@ionos-ubuntu-01.anichin.com:/home/angel/letsencrypt/renewal/
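The Cloudflare token file, the sync SSH key and the private keys copied by the rsync commands above all need to stay inaccessible to group and other users, on the source and on the target. The script below is an added example, not part of the original post: it walks the directories it is given and lists every secret file that has any group or other permission bit set. The function name, the script name in the comments and the file-name patterns are assumptions chosen to match the paths used on this page.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumed usage, with audit_secrets.sh as a hypothetical script name:
#   source: sudo sh audit_secrets.sh /root/.secrets/certbot /root/.ssh /etc/letsencrypt/archive
#   target: sh audit_secrets.sh /home/angel/letsencrypt

# Print "PERMS PATH" for every secret file under the given paths whose
# group/other permission bits are not all clear.
# Returns 0 when nothing is exposed, 1 when at least one file was listed.
audit_secrets() {
    findings=$(
        for root in "$@"; do
            [ -e "$root" ] || continue
            # -type f skips the symlinks in live/; the real keys are in archive/.
            # Name patterns are assumptions: certbot private keys, credential
            # .ini files, and the sync key created earlier on this page.
            find "$root" -type f \( -name 'privkey*.pem' -o -name '*.ini' \
                -o -name 'letsencrypt_sync_key' \) -print
        done | while IFS= read -r f; do
            perms=$(ls -ld "$f" | cut -c1-10)
            # Characters 5-10 of the mode string are the group and other bits.
            case "$perms" in
                ????------) ;;                            # owner-only: fine
                *) printf '%s %s\n' "$perms" "$f" ;;      # exposed: report it
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when paths are passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_secrets "$@"
fi
```

A non-zero exit status makes the script usable from cron or a monitoring check after each sync.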
Option 1: Use sudo Without Password Prompt
sudo visudo
angel ALL=(ALL) NOPASSWD: /bin/systemctl reload nginx