tobias/scripts
1
0
Fork 0
Code Releases Activity

Let acmeuser reload nginx

Browse source
This commit is contained in:
Tobias Strobel 2021-09-11 17:44:11 +02:00
parent 62f6effccd
commit 51bfee4f4f
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
acmesh.md
View file

@ -27,6 +27,16 @@ source ~/.bashrc
acme.sh --set-default-ca --server letsencrypt acme.sh --set-default-ca --server letsencrypt
``` ```
Allow user acmeuser to reload nginx, etc.
```bash
# Uncomment "includedir /etc/sudoers.d" in /etc/sudoers
sed -e '/includedir/ s/^##*/#/g' -i /etc/sudoers
cat >/etc/sudoers.d/acmeuser <<EOL
acmeuser ALL=NOPASSWD: /usr/bin/systemctl reload nginx.service
EOL
```
## Set up DNS validation with knsupdate (Knot) ## Set up DNS validation with knsupdate (Knot)
Specify the DNS server which hosts your zone and the TSIG key which can update the zone via dynamic updates. Specify the DNS server which hosts your zone and the TSIG key which can update the zone via dynamic updates.
@ -60,7 +70,7 @@ acme.sh --install-cert -d $DOMAINLE --ecc \
--fullchain-file $CERTPATH/fullchain.pem \ --fullchain-file $CERTPATH/fullchain.pem \
--key-file $CERTPATH/privkey.pem \ --key-file $CERTPATH/privkey.pem \
--ca-file $CERTPATH/chain.pem \ --ca-file $CERTPATH/chain.pem \
--reloadcmd "/usr/bin/systemctl reload nginx.service" --reloadcmd "sudo /usr/bin/systemctl reload nginx.service"
``` ```
## Set up notifications ## Set up notifications