-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5 from ar-io/certbot-autorenew
chore(certbot): add auto renewal setup for cloudflare and namecheap
- Loading branch information
Showing
3 changed files
with
217 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
94 changes: 94 additions & 0 deletions
94
docs/src/gateways/ar-io-node/certbot/certbot-renewal-cloudflare.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,94 @@ | ||
| # Setup Certbot with Auto Renewal for Cloudflare | ||
|
|
||
| 1. Navigate to Cloudflare -> My Profile -> API Tokens -> Create Token | ||
| You only need to select the following permissions | ||
|
|
||
| <p align="center"> | ||
| <img src="https://arweave.net/GMzqNXNCQMSLqyt7SV7FrGOgCuGBeaO5qjRWibFkVBE" width="300"> | ||
| </p> | ||
|
|
||
| 2. On your server, install certbot and DNS plugin for Cloudflare | ||
|
|
||
| ```bash | ||
| apt update | ||
| apt install certbot -y | ||
| ``` | ||
|
|
||
| 3. Install DNS plugin for Cloudflare | ||
|
|
||
| ```bash | ||
| apt install python3-certbot-dns-cloudflare -y | ||
| ``` | ||
|
|
||
| 4. Create ini file with api key and secret | ||
|
|
||
| ```bash | ||
| nano /etc/letsencrypt/cloudflare.ini | ||
| ``` | ||
|
|
||
| 4. Add api key and secret created in step 1 | ||
|
|
||
| ``` | ||
| dns_cloudflare_api_token = <api key> | ||
| ``` | ||
|
|
||
| 5. Save the file and update permissions | ||
|
|
||
| ``` | ||
| chmod 600 /etc/letsencrypt/cloudflare.ini | ||
| ``` | ||
|
|
||
| 6. Generate certificate using certbot with DNS plugin for Cloudflare | ||
|
|
||
| ```bash | ||
| certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d <domain.com> -d <\*.domain.com> | ||
| ``` | ||
|
|
||
| Results: | ||
|
|
||
| ```bash | ||
| Successfully received certificate. | ||
| Certificate is saved at: /etc/letsencrypt/live/<domain.com>/fullchain.pem | ||
| Key is saved at: /etc/letsencrypt/live/<domain.com>/privkey.pem | ||
| ``` | ||
|
|
||
| 7. Validate certificate and dns update with dry run (this will not create a new certificate or update dns) | ||
|
|
||
| ```bash | ||
| certbot renew --dry-run | ||
| ``` | ||
|
|
||
| Results: | ||
|
|
||
| ```bash | ||
| Saving debug log to /var/log/letsencrypt/letsencrypt.log | ||
|
|
||
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
| Processing /etc/letsencrypt/renewal/<domain.com>.conf | ||
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
| Account registered. | ||
| Simulating renewal of an existing certificate for <domain.com> and <*.domain.com> | ||
| Waiting 10 seconds for DNS changes to propagate | ||
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
| Congratulations, all simulated renewals succeeded: | ||
| /etc/letsencrypt/live/<domain.com>/fullchain.pem (success) | ||
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
| ``` | ||
|
|
||
| 8. Reload nginx to apply new certificate (optional) | ||
|
|
||
| ```bash | ||
| systemctl reload nginx | ||
| ``` | ||
|
|
||
| 9. Validate certbot timer | ||
|
|
||
| ```bash | ||
| systemctl list-timers | grep certbot | ||
| ``` | ||
|
|
||
| Results: | ||
|
|
||
| ```bash | ||
| Tue 2024-11-05 02:22:10 UTC 3h 21min Mon 2024-11-04 17:16:51 UTC 5h 43min ago certbot.timer certbot.service | ||
| ``` |
110 changes: 110 additions & 0 deletions
110
docs/src/gateways/ar-io-node/certbot/certbot-renewal-namecheap.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,110 @@ | ||
| # Setup Certbot with Auto Renewal for NameCheap | ||
|
|
||
| #### Note: Namecheap has specific requirements to create an API key. As of ~October 2024 they are: | ||
|
|
||
| - At least 20 domains under your account. | ||
| - A minimum of $50 in your account balance. | ||
| - At least $50 spent within the last 2 years. | ||
|
|
||
| If you do not meet these requirements, you can request a waiver by contacting Namecheap support. | ||
|
|
||
| #### Steps: | ||
|
|
||
| 1. Navigate to Namecheap -> Profile > Tools > Manage API Access Keys | ||
|
|
||
| <p align="center"> | ||
| <img src="https://www.namecheap.com/assets/img/press-release/ip-whitelist.png" width="400"> | ||
| </p> | ||
|
|
||
| 2. On your server, install certbot and DNS plugin for Namecheap | ||
|
|
||
| ```bash | ||
| apt update | ||
| apt install certbot -y | ||
| ``` | ||
|
|
||
| 3. Install pip | ||
|
|
||
| ```bash | ||
| apt install python3-pip -y | ||
| ``` | ||
|
|
||
| 4. Install DNS plugin for Namecheap | ||
|
|
||
| ```bash | ||
| pip install certbot-dns-namecheap -y | ||
| ``` | ||
|
|
||
| 5. Create ini file with api key and secret | ||
|
|
||
| ```bash | ||
| nano /etc/letsencrypt/namecheap.ini | ||
| ``` | ||
|
|
||
| 4. Add api key and secret created in step 1 | ||
|
|
||
| ``` | ||
| dns_namecheap_username = <your_username> | ||
| dns_namecheap_api_key = <your_api_key> | ||
| ``` | ||
|
|
||
| 5. Save the file and update permissions | ||
|
|
||
| ``` | ||
| chmod 600 /etc/letsencrypt/namecheap.ini | ||
| ``` | ||
|
|
||
| 6. Generate certificate using certbot with DNS plugin for Namecheap | ||
|
|
||
| ```bash | ||
| certbot certonly --dns-namecheap --dns-namecheap-credentials /etc/letsencrypt/namecheap.ini -d <domain.com> -d <\*.domain.com> | ||
| ``` | ||
|
|
||
| Results: | ||
|
|
||
| ```bash | ||
| Successfully received certificate. | ||
| Certificate is saved at: /etc/letsencrypt/live/<domain.com>/fullchain.pem | ||
| Key is saved at: /etc/letsencrypt/live/<domain.com>/privkey.pem | ||
| ``` | ||
|
|
||
| 7. Validate certificate and dns update with dry run (this will not create a new certificate or update dns) | ||
|
|
||
| ```bash | ||
| certbot renew --dry-run | ||
| ``` | ||
|
|
||
| Results: | ||
|
|
||
| ```bash | ||
| Saving debug log to /var/log/letsencrypt/letsencrypt.log | ||
|
|
||
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
| Processing /etc/letsencrypt/renewal/<domain.com>.conf | ||
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
| Account registered. | ||
| Simulating renewal of an existing certificate for <domain.com> and <*.domain.com> | ||
| Waiting 10 seconds for DNS changes to propagate | ||
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
| Congratulations, all simulated renewals succeeded: | ||
| /etc/letsencrypt/live/<domain.com>/fullchain.pem (success) | ||
| - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
| ``` | ||
|
|
||
| 8. Reload nginx to apply new certificate (optional) | ||
|
|
||
| ```bash | ||
| systemctl reload nginx | ||
| ``` | ||
|
|
||
| 9. Validate certbot timer | ||
|
|
||
| ```bash | ||
| systemctl list-timers | grep certbot | ||
| ``` | ||
|
|
||
| Results: | ||
|
|
||
| ```bash | ||
| Tue 2024-11-05 02:22:10 UTC 3h 21min Mon 2024-11-04 17:16:51 UTC 5h 43min ago certbot.timer certbot.service | ||
| ``` |