Let acmeuser reload nginx

This commit is contained in:
Tobias Strobel 2021-09-11 17:44:11 +02:00
parent 62f6effccd
commit 51bfee4f4f

View file

@ -27,6 +27,16 @@ source ~/.bashrc
acme.sh --set-default-ca --server letsencrypt acme.sh --set-default-ca --server letsencrypt
``` ```
Allow user acmeuser to reload nginx, etc.
```bash
# Uncomment "includedir /etc/sudoers.d" in /etc/sudoers
sed -e '/includedir/ s/^##*/#/g' -i /etc/sudoers
cat >/etc/sudoers.d/acmeuser <<EOL
acmeuser ALL=NOPASSWD: /usr/bin/systemctl reload nginx.service
EOL
```
## Set up DNS validation with knsupdate (Knot) ## Set up DNS validation with knsupdate (Knot)
Specify the DNS server which hosts your zone and the TSIG key which can update the zone via dynamic updates. Specify the DNS server which hosts your zone and the TSIG key which can update the zone via dynamic updates.
@ -60,7 +70,7 @@ acme.sh --install-cert -d $DOMAINLE --ecc \
--fullchain-file $CERTPATH/fullchain.pem \ --fullchain-file $CERTPATH/fullchain.pem \
--key-file $CERTPATH/privkey.pem \ --key-file $CERTPATH/privkey.pem \
--ca-file $CERTPATH/chain.pem \ --ca-file $CERTPATH/chain.pem \
--reloadcmd "/usr/bin/systemctl reload nginx.service" --reloadcmd "sudo /usr/bin/systemctl reload nginx.service"
``` ```
## Set up notifications ## Set up notifications