Copy Let’s Encrypt certificate to another server after renewal

Steps:

    1. Set Up Passwordless SSH Access

    Ensure that the server running Let’s Encrypt (Server1) can connect to the target server (Server2) via SSH without a password:

    On Server1, generate an SSH key pair (if not already created):

    ssh-keygen -t rsa -b 4096

    Copy the public key to Server2:

    ssh-copy-id user@server2

    Replace user with the username on Server2.

    2. Create a Script for Copying Certificates

    On Server1, create a script (e.g., copy_cert.sh) to copy the certificate files to Server2:

    #!/bin/bash
    set -euo pipefail

    REMOTE_USER="user"
    REMOTE_SERVER="server2"
    REMOTE_PATH="/path/to/certificates"
    CERT_DIR="/etc/letsencrypt/live/yourdomain.com"

    # Copy the full chain and the private key to Server2. scp reads through the
    # symlinks in /etc/letsencrypt/live, so the current versions are sent after each renewal.
    scp "${CERT_DIR}/fullchain.pem" "${REMOTE_USER}@${REMOTE_SERVER}:${REMOTE_PATH}/"
    scp "${CERT_DIR}/privkey.pem"   "${REMOTE_USER}@${REMOTE_SERVER}:${REMOTE_PATH}/"

    Replace yourdomain.com with your domain.

    Replace /path/to/certificates with the directory on Server2 where the certificates should be stored.

    Make the script executable:

    chmod +x copy_cert.sh

    3. Test the Script

    Run the script manually to ensure the certificates are copied successfully:

    ./copy_cert.sh

    4. Use Certbot’s --deploy-hook

    Configure Certbot to run the script as a deploy hook after every successful renewal. You can pass the hook on the command line when renewing (Certbot then saves it into the certificate's renewal configuration for later runs):

    certbot renew --deploy-hook "/path/to/copy_cert.sh"

    Alternatively, edit the renewal configuration file (usually located at /etc/letsencrypt/renewal/yourdomain.com.conf) and add the hook under its [renewalparams] section:

    renew_hook = /path/to/copy_cert.sh

    5. Ensure Scheduled Renewal

    Certbot typically installs a cron job or systemd timer for automatic renewal. Verify it:

    For cron: Check /etc/cron.d/certbot.

    For systemd: Check certbot.timer with:

    systemctl list-timers | grep certbot

    6. Restart Services on Server2 (Optional)

    If the certificates are used by a service (e.g., Nginx or Apache) on Server2, modify the script to restart the service:

    ssh ${REMOTE_USER}@${REMOTE_SERVER} "sudo systemctl reload nginx"

    Now, whenever the certificate is renewed on Server1, it will automatically be copied to Server2 and (optionally) reload the relevant service.
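    The steps above, combined into one deploy hook as an added example (not the script from these notes): it refuses to ship a private key that is readable by group or others, copies only when the certificate has actually changed, renames the files into place on Server2 and reloads nginx only after its config test passes. It relies on the RENEWED_LINEAGE variable that Certbot exports to deploy hooks; user, host, paths and the state file location are placeholders.

```shell
#!/bin/sh
# Deploy hook for certbot: copy the renewed lineage to Server2 and reload nginx
# there only when the certificate actually changed. Assumes certbot's
# RENEWED_LINEAGE variable (set for deploy hooks); user/host/paths are placeholders.
set -eu
REMOTE_USER="${REMOTE_USER:-user}"
REMOTE_SERVER="${REMOTE_SERVER:-server2}"
REMOTE_PATH="${REMOTE_PATH:-/path/to/certificates}"
STATE_FILE="${STATE_FILE:-/var/lib/copy_cert/last_fullchain.sha256}"
# Print the SHA-256 of a file (sha256sum on Linux, shasum on BSD/macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi |
        cut -d' ' -f1
}

# check_lineage DIR: succeed only if fullchain.pem and privkey.pem exist and the
# private key is not readable by group or others (a loose key must not be shipped).
check_lineage() {
    dir=$1
    [ -f "$dir/fullchain.pem" ] && [ -f "$dir/privkey.pem" ] || return 1
    # -L follows certbot's live/ symlinks; find prints the path if a read bit is loose
    [ -z "$(find -L "$dir/privkey.pem" -perm -040 -o -perm -004)" ]
}

# cert_changed DIR STATE: succeed (and record the new hash) if the fullchain's
# SHA-256 differs from the one stored in STATE; fail if it is unchanged.
cert_changed() {
    dir=$1; state=$2
    new=$(sha256_of "$dir/fullchain.pem")
    old=$(cat "$state" 2>/dev/null || true)
    [ "$new" != "$old" ] || return 1
    mkdir -p "$(dirname "$state")" && printf '%s\n' "$new" > "$state"
}

# deploy DIR: copy under temporary names, rename into place, then reload nginx
# only if its config test passes, so a bad file never takes the site down.
deploy() {
    dir=$1; host="${REMOTE_USER}@${REMOTE_SERVER}"
    scp -q "$dir/fullchain.pem" "$host:${REMOTE_PATH}/fullchain.pem.new"
    scp -q "$dir/privkey.pem" "$host:${REMOTE_PATH}/privkey.pem.new"
    ssh "$host" "set -e; cd '$REMOTE_PATH' && chmod 600 privkey.pem.new \
        && mv -f fullchain.pem.new fullchain.pem && mv -f privkey.pem.new privkey.pem \
        && sudo nginx -t && sudo systemctl reload nginx"
}
# certbot sets RENEWED_LINEAGE for deploy hooks; nothing runs when it is absent.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    check_lineage "$RENEWED_LINEAGE" || { echo "refusing to deploy $RENEWED_LINEAGE" >&2; exit 1; }
    if cert_changed "$RENEWED_LINEAGE" "$STATE_FILE"; then deploy "$RENEWED_LINEAGE"; fi
fi
```

    Because an unchanged certificate makes cert_changed fail quietly, a forced `certbot renew` that issued nothing new does not trigger a copy or a reload.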

    How to Install Nginx on Ubuntu 24.04 LTS (Step by Step)

    https://www.linuxtechi.com/install-nginx-web-server-on-ubuntu

    https://docs.vultr.com/how-to-install-nginx-web-server-on-ubuntu-24-04

    How to Install Plex Media Server on Ubuntu 24.04, 22.04, or 20.04

    https://linuxcapable.com/install-plex-media-server-on-ubuntu-linux

    Desktop Environment (Change)

    https://support.system76.com/articles/desktop-environment/#different-desktop-environments

    Change Default Display Manager:

    sudo dpkg-reconfigure gdm3 

    Check which display manager is running:

    systemctl status display-manager.service

    or

    cat /etc/X11/default-display-manager

    Restart GDM:

    sudo systemctl restart gdm

    Ubuntu + RDP on Oracle Cloud

    The first one works the best. Open an SSH connection to the server and run these commands:

    sudo su
    cd ~
    apt update
    apt upgrade
    apt -y install lxqt sddm xrdp
    systemctl status xrdp

    The XRDP port (3389) also needs to be opened in Oracle Cloud: search for ‘Virtual Cloud Networks’, select the network, go to ‘Security Lists’, click the default one and add an ingress rule for the port.

    Then open the port in iptables by editing /etc/iptables/rules.v4:

    Make a copy of the rule for port 22 and change the value to 3389

    Then run:

    iptables-restore < /etc/iptables/rules.v4

    Create a file in your home folder (/root) called .xsession

    nano .xsession
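    The rules.v4 edit from the iptables step, as an added example (not from these notes): the port 22 line is shown in the form used on the Oracle Ubuntu images (check it against your own file), and the copied rule for 3389 adds a source restriction so RDP is reachable only from the network you administer from; 198.51.100.0/24 is a placeholder for that network. Use the same source CIDR in the Oracle Cloud ingress rule, since a 0.0.0.0/0 rule on either layer exposes RDP to the whole internet.

```text
# /etc/iptables/rules.v4 (excerpt)
# existing SSH rule, left as is:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# copied rule for RDP; -s limits it to the admin network (placeholder CIDR):
-A INPUT -s 198.51.100.0/24 -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
```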

    Alternative videos – they may install a different desktop:

    OpenSSH SSH-2 private key (old PEM format)

    Taken from here: https://stackoverflow.com/questions/60884217/openssh-ssh-2-private-key-old-pem-format-on-azure-linux-vm

    You’ve used ssh-keygen to create a private key file called id_rsa.ppk. However this is an OpenSSH-format private key and needs to be converted to Putty’s own format to use in Putty.

    Your options are:

    1. Use this key with command-line SSH (it’s in the correct format). You can either
      1. specify the file on the command line e.g. ssh -i id_rsa.ppk azureuser@vm
      2. make a folder C:\Users\Aquib\.ssh and move it there as C:\Users\Aquib\.ssh\id_rsa (no extension): ssh will now load this file by default to use for all servers that you try to connect to
      3. if you don’t want to use this for all servers, or e.g. if you already have a default id_rsa that you use with git, you can set up a C:\Users\Aquib\.ssh\config file that tells SSH where to find the key and tell it which servers it should use it for.
    2. Convert this file into the right format to use with Putty:
      1. In Puttygen, in the ‘Conversions’ menu choose ‘Import’ and load id_rsa.ppk
      2. ‘Save private key’ to a different file
      3. Use this new file with Putty, either on the connection properties menu or run Pageant (the Putty key agent) and ‘Add key’ the new file. (You can e.g. create a shortcut to pageant in your Startup menu and give it the key file name as a commandline parameter so this is loaded automatically for you.)
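    The config file from option 1.3, as an added example (not part of the quoted answer): host name and key path are placeholders, and IdentitiesOnly stops ssh from offering every loaded key to a server that should only ever see this one.

```text
# C:\Users\Aquib\.ssh\config
Host vm
    HostName vm.example.com
    User azureuser
    IdentityFile C:\Users\Aquib\.ssh\azure_id_rsa
    IdentitiesOnly yes
```

    With this in place, `ssh vm` uses that key for the Azure VM while the default id_rsa stays reserved for git.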