Difference between revisions of "Certbot"

From Request Tracker Wiki
Jump to navigation Jump to search
m
m
Line 18: Line 18:
 
You can then install the certificate in your webserver as per it's documentation, by default the keys and certificates will be located in:
 
You can then install the certificate in your webserver as per it's documentation, by default the keys and certificates will be located in:
 
  <nowiki>
 
  <nowiki>
 +
/etc/letsencrypt/live/<your domain or rt hostname>/cert.pem
 
/etc/letsencrypt/live/<your domain or rt hostname>/fullchain.pem
 
/etc/letsencrypt/live/<your domain or rt hostname>/fullchain.pem
 
/etc/letsencrypt/live/<your domain or rt hostname>/privkey.pem</nowiki>
 
/etc/letsencrypt/live/<your domain or rt hostname>/privkey.pem</nowiki>

Revision as of 21:04, 14 February 2019

Returning content NOT in RT such as ACME challenges for certbot

Getting RT to serve static content can seem to be quite an issue, especially if it is to be dynamically created such as the ACME challenge/response that LetsEncrypt's certbot uses. The solution is quite simple. In your RT_SiteConfig.pm you can add the StaticRoots directive to serve static pages. Follows is an example of how to use this feature for obtaining certbot authorised requests:

Set( @StaticRoots,
        {
            path => sub { s!^/.well-known/!! },
            root => '/usr/local/share/html/.well-known/'
        },
    );

After restarting your RT server, you can then issue a certbot request as follows:

certbot certonly --webroot -w /usr/local/share/html -d <your domain or rt hostname>

Note: This assumes '/usr/local/share/html' is your document root, change as appropriate to your site, it does not have to be the location of your RT server or files.

You can then install the certificate in your webserver as per it's documentation, by default the keys and certificates will be located in:

/etc/letsencrypt/live/<your domain or rt hostname>/cert.pem
/etc/letsencrypt/live/<your domain or rt hostname>/fullchain.pem
/etc/letsencrypt/live/<your domain or rt hostname>/privkey.pem

To finish the installation and make certificate renewals automatic on UNIX you can add the following to crontab:

2 2 1 * * /usr/local/bin/certbot renew --webroot -w /usr/local/share/html -d <your domain or rt hostname> && service apache24 restart