kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-23 22:45:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
97f4045c6855ab7d61d20e2278bd07148a8e5ca3
computer-playbook/roles/sys-ctl-mtn-cert-renew
History

README.md

Nginx Certbot Automation

🔥 Description

This role automates the setup of an automatic Let's Encrypt certificate renewal system for Nginx using Certbot. It ensures that SSL/TLS certificates are renewed seamlessly in the background and that Nginx reloads automatically after successful renewals.

📖 Overview

Optimized for Archlinux systems, this role installs the certbot-nginx package, configures a dedicated systemd service for certificate renewal, and integrates with a sys-timer to schedule periodic renewals. After a renewal, Nginx is reloaded to apply the updated certificates immediately.

Key Features

  • Automatic Renewal: Schedules unattended certificate renewals using sys-timers.
  • Seamless Nginx Reload: Reloads the Nginx service automatically after successful renewals.
  • Systemd Integration: Manages renewal operations reliably with systemd and sys-ctl-alm-compose.
  • Quiet and Safe Operation: Uses --quiet and --agree-tos flags to ensure non-interactive renewals.

🎯 Purpose

The Nginx Certbot Automation role ensures that Let's Encrypt SSL/TLS certificates stay valid without manual intervention. It enhances the security and reliability of web services by automating certificate lifecycle management.

🚀 Features

  • Certbot-Nginx Package Installation: Installs required certbot plugins for Nginx.
  • Custom Systemd Service: Configures a lightweight, dedicated renewal service.
  • Timer Setup: Uses sys-timer to run certbot renewals periodically.
  • Failure Notification: Integrated with sys-ctl-alm-compose for alerting on failures.

🔗 Learn More