Let acmeuser reload nginx

This commit is contained in:
Tobias Strobel 2021-09-11 17:44:11 +02:00
parent 62f6effccd
commit 51bfee4f4f

View file

@ -27,6 +27,16 @@ source ~/.bashrc
acme.sh --set-default-ca --server letsencrypt
```
Allow user acmeuser to reload nginx, etc.
```bash
# Uncomment "includedir /etc/sudoers.d" in /etc/sudoers
sed -e '/includedir/ s/^##*/#/g' -i /etc/sudoers
cat >/etc/sudoers.d/acmeuser <<EOL
acmeuser ALL=NOPASSWD: /usr/bin/systemctl reload nginx.service
EOL
```
## Set up DNS validation with knsupdate (Knot)
Specify the DNS server which hosts your zone and the TSIG key which can update the zone via dynamic updates.
@ -60,7 +70,7 @@ acme.sh --install-cert -d $DOMAINLE --ecc \
--fullchain-file $CERTPATH/fullchain.pem \
--key-file $CERTPATH/privkey.pem \
--ca-file $CERTPATH/chain.pem \
--reloadcmd "/usr/bin/systemctl reload nginx.service"
--reloadcmd "sudo /usr/bin/systemctl reload nginx.service"
```
## Set up notifications