Kevin Veen-Birkenbach
97af4990aa
- Rename sys-svc-webserver -> sys-svc-webserver-core - Rename sys-stk-front-pure -> sys-svc-webserver-https - Update includes, run_once flags, and docs across: * sys-ctl-mtn-cert-renew * sys-front-inj-* * sys-stk-front-proxy * sys-svc-certs * sys-svc-cln-domains * web-opt-rdr-* * web-svc-* - Remove redundant webserver include in web-opt-rdr-www - Fix documentation links Ref: ChatGPT conversation https://chatgpt.com/share/68d6cea2-3570-800f-acb3-c3277317f17b
Nginx Certbot Automation
🔥 Description
This role automates the setup of an automatic Let's Encrypt certificate renewal system for Nginx using Certbot. It ensures that SSL/TLS certificates are renewed seamlessly in the background and that Nginx reloads automatically after successful renewals.
📖 Overview
Optimized for Archlinux systems, this role installs the certbot-nginx package, configures a dedicated systemd service for certificate renewal, and integrates with a sys-timer to schedule periodic renewals. After a renewal, Nginx is reloaded to apply the updated certificates immediately.
Key Features
- Automatic Renewal: Schedules unattended certificate renewals using sys-timers.
- Seamless Nginx Reload: Reloads the Nginx service automatically after successful renewals.
- Systemd Integration: Manages renewal operations reliably with
systemdandsys-ctl-alm-compose. - Quiet and Safe Operation: Uses
--quietand--agree-tosflags to ensure non-interactive renewals.
🎯 Purpose
The Nginx Certbot Automation role ensures that Let's Encrypt SSL/TLS certificates stay valid without manual intervention. It enhances the security and reliability of web services by automating certificate lifecycle management.
🚀 Features
- Certbot-Nginx Package Installation: Installs required certbot plugins for Nginx.
- Custom Systemd Service: Configures a lightweight, dedicated renewal service.
- Timer Setup: Uses sys-timer to run certbot renewals periodically.
- Failure Notification: Integrated with
sys-ctl-alm-composefor alerting on failures.