Volatile Notes 2

http://d.hatena.ne.jp/iww/

Obtaining a Let's Encrypt certificate with certbot

certbot as of version 0.27 or 0.28

/lib/systemd/system/certbot.service
[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true

# Clunky, but stop nginx temporarily while renewing
ExecStartPre=/bin/systemctl stop nginx
ExecStartPost=/bin/systemctl start nginx

/etc/letsencrypt/renewal/hoge.example.com.conf
# renew_before_expiry = 30 days
version = 0.27.0
archive_dir = /etc/letsencrypt/archive/hoge.example.com
cert = /etc/letsencrypt/live/hoge.example.com/cert.pem
privkey = /etc/letsencrypt/live/hoge.example.com/privkey.pem
chain = /etc/letsencrypt/live/hoge.example.com/chain.pem
fullchain = /etc/letsencrypt/live/hoge.example.com/fullchain.pem

# Options used in the renewal process
[renewalparams]
account = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
authenticator = standalone
server = https://acme-v02.api.letsencrypt.org/directory


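Written this way, nginx stays stopped whenever certbot exits with an error, because ExecStartPost= only runs after ExecStart= has succeeded. That is not good.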
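
Two ways to keep a failed renewal from leaving nginx down, as an added example that is not part of the original note. It assumes the packaged certbot.service without the ExecStartPre=/ExecStartPost= lines shown above; the drop-in file name is an assumption.

```ini
# Added example. Use option A or option B, not both.

# --- Option A: systemd drop-in ---------------------------------------
# /etc/systemd/system/certbot.service.d/nginx.conf  (file name is an assumption)
[Service]
# Free nginx's listening ports for the standalone authenticator.
ExecStartPre=/bin/systemctl stop nginx
# ExecStopPost= runs whenever the unit stops, including after a failed
# ExecStartPre= or ExecStart=, so a certbot error no longer leaves
# nginx stopped.
ExecStopPost=/bin/systemctl start nginx

# --- Option B: certbot hooks -----------------------------------------
# /etc/letsencrypt/renewal/hoge.example.com.conf, added to the existing
# [renewalparams] section
[renewalparams]
# Hooks run only when this certificate is actually due for renewal, so
# nginx is not stopped on every timer run; post_hook also runs after a
# failed renewal attempt.
pre_hook = systemctl stop nginx
post_hook = systemctl start nginx
```

For option A, run `systemctl daemon-reload` after creating the drop-in so systemd picks it up.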