Home
[GENERAL]
| Function | Description | Default value |
|---|---|---|
| ZONE | Domains list (comma separated) | None |
| ADMIN_EMAIL | certbot administrator E-mail | None |
| DNS_SERVER | DNS servers list (comma separated) | 8.8.8.8 |
| TTL | TTL of TXT records | 600 |
| SLEEP | Wait for DNS zones update (in seconds) | 120 |
| LE_CONFIG_DIR | Path to store configurations and certificates | /etc/letsencrypt |
| CERTBOT | Path to certbot | /usr/local/bin/certbot |
| LE_LOG | Path to certbot log | /var/log/letsencrypt/letsencrypt.log |
LE_CONFIG_DIR is useful when you also need the HTTP challenge for some resources. In that case you can specify a separate path for the DNS challenge, such as /etc/letsencrypt-dns.
The default TTL value is 600. This is the minimum value that can be set.
[WEBSERVER]
| Function | Description | Default value |
|---|---|---|
| ENABLED | Activation flag | false |
| TEST_CONFIG | Command for web-server configuration test | /usr/sbin/nginx -t |
| RELOAD_CONFIG | Command to reload web-server | /usr/sbin/nginx -s reload |
[SMTP]
| Function | Description | Default value |
|---|---|---|
| ENABLED | Activation flag | false |
| SERVER | Server address | 127.0.0.1 |
| PORT | Server port | 25 |
| USERNAME | Username | None |
| PASSWORD | Password | None |
| FROM | Outgoing mail address | None |
| TO | Recipient (comma separated) | None |
If the MTA does not require authentication, leave USERNAME and PASSWORD empty.
[SLACK]
| Function | Description | Default value |
|---|---|---|
| ENABLED | Activation flag | false |
| WEBHOOK | Incoming webhook | None |
Find the WEBHOOK on the bot registration page under Features -> Incoming webhooks.
[TELEGRAM]
| Function | Description | Default value |
|---|---|---|
| ENABLED | Activation flag | false |
| TOKEN | Bot token | None |
| CHAT_ID | Chat identifier | None |
To find the CHAT_ID, send a GET request to https://api.telegram.org/botXXX:YYYY/getUpdates, where XXX:YYYY is the bot token. To find the CHAT_ID of a group, add the bot to the group and send the message /my_id @mybotname.
[POSTHOOK]
| Function | Description | Default value |
|---|---|---|
| ENABLED | Activation flag | false |
| SCRIPT | Path to script | None |
POSTHOOK lets you run your own script. It can be useful when you need to sync certificates with other servers.
[LOG]
| Function | Description | Default value |
|---|---|---|
| LOG_FILE | Log file | main.log |
The log file is written to the directory where "main" is located, so you only need to specify the log file name.
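A pre-flight check for the settings described above, as an added example that is not part of the project: it flags a configuration file holding the SMTP password, Slack webhook or Telegram token that other local users can read, a TTL under 600, enabled sections with unset keys, and a POSTHOOK script that group or others can modify. It assumes the settings live in an INI-style file on a POSIX system; the file name `settings.ini`, the function names and the sample values are hypothetical.

```python
import configparser
import os
import stat
import tempfile

# Credential keys, and keys required once ENABLED is true (from the tables above).
SECRETS = {"SMTP": ["PASSWORD"], "SLACK": ["WEBHOOK"], "TELEGRAM": ["TOKEN"]}
REQUIRED = {"SMTP": ["SERVER", "PORT", "FROM", "TO"], "SLACK": ["WEBHOOK"],
            "TELEGRAM": ["TOKEN", "CHAT_ID"], "POSTHOOK": ["SCRIPT"]}
MIN_TTL = 600  # the page gives 600 as the minimum TTL
# Constructed sample: placeholder token, TTL too low, Telegram enabled without CHAT_ID.
SAMPLE = "[GENERAL]\nTTL = 300\n[TELEGRAM]\nENABLED = true\nTOKEN = XXX:YYYY\n"


def audit_config(path):
    """Return a list of findings for the INI-style configuration at `path`."""
    cfg = configparser.ConfigParser(interpolation=None)  # '%' is legal in passwords
    cfg.read(path)
    def get(section, key):
        return cfg.get(section, key, fallback="").strip()
    def on(section):
        return get(section, "ENABLED").lower() == "true"

    findings = []
    # Credentials in a file that group or other local users can access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077 and any(get(s, k) for s, keys in SECRETS.items() for k in keys):
        findings.append(f"config mode {mode:o} exposes credentials; use 600")
    # TTL below the documented minimum.
    if int(get("GENERAL", "TTL") or MIN_TTL) < MIN_TTL:
        findings.append(f"GENERAL.TTL is below the minimum of {MIN_TTL}")
    # Enabled sections with unset keys.
    for section, keys in REQUIRED.items():
        if on(section):
            findings += [f"{section}.{k} is not set" for k in keys if not get(section, k)]
    # The hook runs with the tool's privileges, so only its owner may write to it.
    script = get("POSTHOOK", "SCRIPT")
    if on("POSTHOOK") and os.path.isfile(script) and os.stat(script).st_mode & 0o022:
        findings.append(f"POSTHOOK.SCRIPT {script} is writable by group or others")
    return findings


def audit_sample(mode=0o644):
    """Write SAMPLE to a temporary file with `mode` and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "settings.ini")  # hypothetical file name
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, mode)
        return audit_config(path)
```

Call `audit_config()` on the real configuration file before scheduling renewals; an empty list means none of the four conditions was found.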
[GENERAL]
| Function | Description | Default value |
|---|---|---|
| ZONE | Domains list (comma separated) | None |
| ADMIN_EMAIL | certbot administrator E-mail | None |
| DNS_SERVER | DNS servers list (comma separated) | 8.8.8.8 |
| TTL | TTL of TXT records | 600 |
| SLEEP | Wait for DNS zones update (in seconds) | 120 |
| LE_CONFIG_DIR | Path to store configurations and certificates | c:\\letsencrypt |
| CERTBOT | Path to certbot | c:\\certbot\\bin\\certbot.exe |
| LE_LOG | Path to certbot log | c:\\certbot\\log\\letsencrypt.log |
[WEBSERVER]
| Function | Description | Default value |
|---|---|---|
| ENABLED | Activation flag | false |
| TEST_CONFIG | Command for web-server configuration test | c:\\nginx\\sbin\\nginx -t |
| RELOAD_CONFIG | Command to reload web-server | c:\\nginx\\sbin\\nginx -s reload |
| Key | Description |
|---|---|
| -h | Help |
| -v | Verbose |
| -t | Dry-run |
| -n | Obtain new certificate |
| -a | Add/replace authentication data |
By default the application renews certificates, so the first time you should run it with the argument "-n".
There is no problem with Windows, but if you experience such a problem then you must update the root certificate of the Certificate Authority.
Download certificate: https://letsencrypt.org/certs/isrgrootx1.pem and https://letsencrypt.org/certs/lets-encrypt-r3.pem
Open the certificate and click "Install certificate":
- Storage location: local computer
- Certificate storage: auto select store based on certificate type
Reboot the computer.
Check the macOS version. The latest version is Big Sur 11.6. If your version is older, just update the operating system. This helps in 80% of cases.
If the update did not help, try updating the root certificate of the certification authority.
Download certificate: https://letsencrypt.org/certs/isrgrootx1.pem and https://letsencrypt.org/certs/lets-encrypt-r3.pem
Open "Keychain" and drag and drop the certificate into "System".
In "System", find the certificate "ISRG Root X1" and double-click it. Open the "Trust" menu and in "Certificate usage options" select "Always Trust".
Update the system or the ca-certificates package.
If no update is available, you must remove "DST Root CA X3" from the certificate chain:
```sh
# Export DST Root CA X3 from the trust store and add it to the distrust list
trust dump --filter "pkcs11:id=%c4%a7%b1%a4%7b%2c%71%fa%db%e1%4b%90%75%ff%c4%15%60%85%89%10" | openssl x509 | sudo tee /etc/pki/ca-trust/source/blacklist/DST-Root-CA-X3.pem
# Rebuild the consolidated trust store (needs root, like the write above)
sudo update-ca-trust extract
```