We use certbot with the webroot plugin. Don't forget to replace all {your-domain} occurrences accordingly.

## Prerequisites

Create a directory where the certificates will be stored:

```
sudo mkdir /etc/privmx-team-server/cert
sudo chmod 700 /etc/privmx-team-server/cert
sudo chown privmx /etc/privmx-team-server/cert
```

And a working directory for webroot:

```
sudo mkdir -p /var/www/{your-domain}/.well-known/acme-challenge
```

## Enabling webroot support

Enable webroot support in the [configuration file](Team-Server-configuration-file#lets-encrypt-webroot-plugin) and restart the service:

```
sudo service privmx-team-server restart
```

## Certbot installation

```
sudo apt-get install certbot
```

## Run certbot

```
sudo certbot certonly --webroot -w /var/www/{your-domain} -d {your-domain}
```

## Certificate refresh configuration

Create the file `/etc/letsencrypt/renewal-hooks/deploy/10-certbot-copy-certs` containing the script below. After a refresh operation, it copies the certificates and restarts privmx-team-server.

```
#!/bin/bash
# Certbot deploy hook: copy the refreshed certificate and key into the
# PrivMX Team Server certificate directory, then restart the service.
set -e  # stop before the restart if a copy fails

domain={your-domain}
node_dir=/etc/privmx-team-server/cert
node_user=privmx

cp "/etc/letsencrypt/live/$domain/fullchain.pem" "$node_dir/server.crt"
cp "/etc/letsencrypt/live/$domain/privkey.pem" "$node_dir/server.key"
chown "$node_user" "$node_dir"/*
service privmx-team-server restart
```

Make the script executable:

```
sudo chmod 755 /etc/letsencrypt/renewal-hooks/deploy/10-certbot-copy-certs
```

Then execute it to copy the certificates:

```
sudo /etc/letsencrypt/renewal-hooks/deploy/10-certbot-copy-certs
```

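An added check, not part of the original guide: once the hook has run, the script below verifies that the certificate directory and `server.key` belong to the service user with no group or other access, and that `server.crt` and `server.key` form a pair. It assumes GNU or BusyBox `stat` and the `openssl` CLI; the function names are illustrative.

```sh
#!/bin/sh
# Added example: audit the directory filled by the deploy hook.
# Assumptions: stat supports -c (GNU/BusyBox); files are named
# server.crt and server.key as in the hook script.

# Succeeds only if $1 exists, is not a symlink, is owned by user $2
# and carries no group/other permission bits.
private_to() {
    p=$1; o=$2
    [ -e "$p" ] && [ ! -L "$p" ] || { echo "missing or symlink: $p"; return 1; }
    [ "$(stat -c %U "$p")" = "$o" ] || { echo "wrong owner: $p"; return 1; }
    case "$(stat -c %a "$p")" in
        *00) return 0 ;;
        *)   echo "group/other access on $p"; return 1 ;;
    esac
}

# Succeeds only if the public key in certificate $1 (the first
# certificate of a chain file) equals the one derived from key $2.
key_matches_cert() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# Runs all checks on directory $1 for service user $2.
# The return status is the number of failed checks.
audit_cert_dir() {
    dir=$1; owner=$2; failed=0
    private_to "$dir" "$owner" || failed=$((failed + 1))
    private_to "$dir/server.key" "$owner" || failed=$((failed + 1))
    key_matches_cert "$dir/server.crt" "$dir/server.key" || {
        echo "server.crt and server.key do not belong together"
        failed=$((failed + 1))
    }
    return "$failed"
}

# Run the audit only when called with: <cert-dir> <service-user>
if [ "$#" -eq 2 ]; then
    audit_cert_dir "$1" "$2"
fi
```

Saved under a name of your choice, run it with `sudo` and the arguments `/etc/privmx-team-server/cert privmx`; it prints each failed check and exits with the number of failures.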
## Certificate refresh test

```
sudo certbot renew --dry-run
```

If you want to force refresh:

```
sudo certbot renew --force-renewal
```

## Enabling SSL

Enable SSL support in the [configuration file](Team-Server-configuration-file#enabling-ssl) and restart the service again:

```
sudo service privmx-team-server restart
```