kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 02:10:05 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
8d6ebb4693f71ae2a512cb65c6918463e783ef78
computer-playbook/roles/sys-ctl-mtn-cert-renew/README.md
Kevin Veen-Birkenbach 3a839cfe37 Refactor systemctl services and categories due to alarm bugs 
This commit restructures systemctl service definitions and category mappings.

Motivation: Alarm-related bugs revealed inconsistencies in service and role handling.

Preparation step: lays the groundwork for fixing the alarm issues by aligning categories, roles, and service templates.
2025-08-18 13:35:43 +02:00

34 lines
1.9 KiB
Markdown
Raw Blame History

# Nginx Certbot Automation
## 🔥 Description
This role automates the setup of an automatic [Let's Encrypt](https://letsencrypt.org/) certificate renewal system for Nginx using [Certbot](https://certbot.eff.org/). It ensures that SSL/TLS certificates are renewed seamlessly in the background and that Nginx reloads automatically after successful renewals.
## 📖 Overview
Optimized for Archlinux systems, this role installs the `certbot-nginx` package, configures a dedicated `systemd` service for certificate renewal, and integrates with a `sys-timer` to schedule periodic renewals. After a renewal, Nginx is reloaded to apply the updated certificates immediately.
### Key Features
- **Automatic Renewal:** Schedules unattended certificate renewals using sys-timers.
- **Seamless Nginx Reload:** Reloads the Nginx service automatically after successful renewals.
- **Systemd Integration:** Manages renewal operations reliably with `systemd` and `sys-ctl-alm-compose`.
- **Quiet and Safe Operation:** Uses `--quiet` and `--agree-tos` flags to ensure non-interactive renewals.
## 🎯 Purpose
The Nginx Certbot Automation role ensures that Let's Encrypt SSL/TLS certificates stay valid without manual intervention. It enhances the security and reliability of web services by automating certificate lifecycle management.
## 🚀 Features
- **Certbot-Nginx Package Installation:** Installs required certbot plugins for Nginx.
- **Custom Systemd Service:** Configures a lightweight, dedicated renewal service.
- **Timer Setup:** Uses sys-timer to run certbot renewals periodically.
- **Failure Notification:** Integrated with `sys-ctl-alm-compose` for alerting on failures.
## 🔗 Learn More
- [Certbot Official Website](https://certbot.eff.org/)
- [Let's Encrypt](https://letsencrypt.org/)
- [Systemd (Wikipedia)](https://en.wikipedia.org/wiki/Systemd)
- [HTTPS (Wikipedia)](https://en.wikipedia.org/wiki/HTTPS)
Reference in New Issue View Git Blame Copy Permalink