ben/diyhosting
ben
/
diyhosting
1
0
Fork 1
Code Issues 1 Pull Requests Projects Releases Wiki Activity
diyhosting/standalone.html

29 lines
2.1 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html lang=en>
<head>
<title>Certbot on Standalone Domains and Subdomains &ndash; diyhosting.bhh.sh</title>
<!--# include file=".nav.html" -->
</head>
<body>
<header><h1>Certbot on Standalone Domains and Subdomains</h1></header>
<nav></nav>
<main>
<p>The command <code>certbot --nginx</code> will take an unencrypted website on an Nginx configuration file, get a certificate for it and change the configuration to use that certificate and thus HTTPS.</p>
<p>Sometimes, however, you are given an Nginx configuration template that already has encryption/HTTPS, so running the automated <code>certbot --nginx</code> is not possible, as it will simply give an error saying that the certicate that Nginx is looking for doesn't already exist and thus the Nginx config is broken.</p>
<p>So suppose you want to get a certificate for <strong>pleroma.example.org</strong> because you are installing Pleroma and the configuration file presupposes a certificate.
In this case you would want to run this:</p>
<pre><code>systemctl stop nginx
certbot certonly --standalone -d <strong>pleroma.example.org</strong>
systemctl start nginx</code></pre>
<p>What we do here is temporarily turn of Nginx, then run a <code>certonly</code> subcommand that generates a certificate for the domain without changing or caring about the Nginx configuration. Then we reactivate Nginx, thus turning back on our webserver.</p>
<p>The reason we deactivate Nginx is that it uses the ports that Certbot will want to bind to, and thus we must temporarily turn Nginx off to let Certbot use those ports. (What it actually does is spin up a dummy webserver that doesn't need to think about the Nginx configuration.)</p>
<p>This is just a little note of something that might confuse people, but the three commands above should suffice. If your site is still managed by Nginx, it should still be able to renew with simple <code>certbot renew --nginx</code> without a problem.</p>
</main>
<!--# include file=".footer.html" -->
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink