Category Archives: Howto

Copy Let’s Encrypt certificate to another server after renewal

Posted on by
Reply

Steps:

    1. Set Up Passwordless SSH Access

    Ensure that the server running Let’s Encrypt (Server1) can connect to the target server (Server2) via SSH without a password:

    On Server1, generate an SSH key pair (if not already created):

    ssh-keygen -t rsa -b 4096

    Copy the public key to Server2:

    ssh-copy-id user@server2

    Replace user with the username on Server2.

    2. Create a Script for Copying Certificates

    On Server1, create a script (e.g., copy_cert.sh) to copy the certificate files to Server2:

    #!/bin/bash
    REMOTE_USER="user"
    REMOTE_SERVER="server2"
    REMOTE_PATH="/path/to/certificates"

    scp /etc/letsencrypt/live/yourdomain.com/fullchain.pem ${REMOTE_USER}@${REMOTE_SERVER}:${REMOTE_PATH}/
    scp /etc/letsencrypt/live/yourdomain.com/privkey.pem ${REMOTE_USER}@${REMOTE_SERVER}:${REMOTE_PATH}/

    Replace yourdomain.com with your domain.

    Replace /path/to/certificates with the directory on Server2 where the certificates should be stored.

    Make the script executable:

    chmod +x copy_cert.sh

    3. Test the Script

    Run the script manually to ensure the certificates are copied successfully

    ./copy_cert.sh

    4. Use Certbot’s --deploy-hook

    Modify the Certbot renewal configuration to include a deploy hook that runs the script after successful renewal. You can add this directly when renewing or use an existing configuration:

    certbot renew --deploy-hook "/path/to/copy_cert.sh"

    Alternatively, edit the renewal configuration file (usually located at /etc/letsencrypt/renewal/yourdomain.com.conf):

    renew_hook = /path/to/copy_cert.sh

    5. Ensure Scheduled Renewal

    Certbot typically installs a cron job or systemd timer for automatic renewal. Verify it:

    For cron: Check /etc/cron.d/certbot.

    For systemd: Check certbot.timer with:

    systemctl list-timers | grep certbot

    6. Restart Services on Server2 (Optional)

    If the certificates are used by a service (e.g., Nginx or Apache) on Server2, modify the script to restart the service:

    ssh ${REMOTE_USER}@${REMOTE_SERVER} "sudo systemctl reload nginx"

    Now, whenever the certificate is renewed on Server1, it will automatically be copied to Server2 and (optionally) reload the relevant service.

    Git: go back to a specific commit and discard all commits after it permanently

    Posted on by
    Reply


    To permanently go back to a specific commit and discard all commits after it, you can use the following Git commands:

    1) Reset to the specific commit:

    git reset --hard <commit-hash>

    Replace <commit-hash> with the hash of the specific commit you want to reset to. This will move your branch pointer back to that commit and discard any changes in the working directory and staging area.

    2) Force push the reset (if working with a remote branch):

    If you’re working on a branch that is shared with others or is pushed to a remote repository (e.g., origin), you’ll need to force push the changes to discard the later commits on the remote as well:

    git push origin <branch-name> --force

    Replace <branch-name> with the name of your branch.

    Caution

    This is a destructive operation: All the commits after the specified one will be lost permanently unless they exist in another branch or are otherwise referenced.

    Make sure you’re certain before running these commands, especially when using --force, as it changes the history on the remote repository, which can affect other collaborators.