Letsencrypt easy way

Hi,

One can use Letsencrypt deploy script for this:
1. make folder for certs in some folder ipa can use (docker:/data/etc/letsencrypt_certs, i have /data/scripts. Requires mount from disk to ipa docker)
2. Install CA certs with script
3. get certs for ipa with letsencrypt
In (/etc/letsencrypt/renewal-hooks/deploy/renew.sh) script one can:

```
#!/bin/bash
echo "Letsencrypt renewal hook running..."
echo "RENEWED_DOMAINS=$RENEWED_DOMAINS"
echo "RENEWED_LINEAGE=$RENEWED_LINEAGE"
if grep --quiet ">ipa_host_fqdn>" <<< "$RENEWED_DOMAINS"; then
  cp $RENEWED_LINEAGE/cert.pem /<path_to_ipa_accessable_folde>/cert.pem
  cp $RENEWED_LINEAGE/privkey.pem  /<path_to_ipa_accessable_folde>/privkey.pem
****
//  inside docker a script to update certs for ipa:
  docker exec -it freeipa-serv /data/scripts/installCertsforHttp.sh
//  if not in docker restart ipa with: 
  ipactl restart
****
  echo "ipa certs updated and ipa restarted"
fi

```
If docker then (installCertsforHttp.sh):
```
#!/bin/bash
ipa-server-certinstall -w -d /<path_to_docker_inside_folder>/privkey.pem /<path_to_docker_inside_folder>/cert.pem --pin='' --dirman-password=<pwd_to_prevent_query>
ipactl restart
```

And this way letsencrypt certmonger do the work for renewal when needed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Letsencrypt easy way #44

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Letsencrypt easy way #44

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions