How can I cleanly handle the first use of letsencrypt on an nginx server?

I use letsencrypt/certbot to manage certs for nginx's use. I find that, when setting up servers, I get into a chicken-and-egg situation: nginx must work to supply the .well-known/acme-challenge directory, but nginx refuses to start if the configured SSL certificates don't exist yet.

So far I've gotten around that by manually editing SSL out of the nginx server block, starting it, running certbot for the first time, then reverting the change. I'm wondering if there is a cleaner way to do it.

(At the moment I'm using the webroot auth method, but I'm not married to it. The goal here is to come up with a single configuration that does the Right Thing during initial setup.)

Andrew asked Oct 14 '25 05:10


1 Answer

Since you know the final name and destinations of your certificates, you can generate a self-signed certificate to get nginx going, then run certbot and replace the self-signed one with a proper one. The ACME challenge should be resolved over HTTP.

Code to generate a self-signed certificate. Do not worry much about the details, except the -keyout and -out parameters.

openssl req -x509 -nodes -days 365 -newkey rsa:4096 \
    -subj "/C=UK/ST=England/L=London/CN=www.example.com" \
    -keyout "/path/to/your/key.cer" \
    -out "/path/to/your/certificate.cer"

You can fully script this, so you'd have no headaches.

Andrei Cioara answered Oct 18 '25 00:10

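The answer's sequence (placeholder cert, start nginx, certbot over HTTP, swap in the real cert) as one re-runnable script, added here as an example and not the answerer's code. It assumes nginx's ssl_certificate and ssl_certificate_key point at the two stable paths under $SSL_DIR rather than straight at certbot's live directory, and that the webroot plugin serves $WEBROOT over plain HTTP; DOMAIN, EMAIL and every path are placeholders.

```shell
#!/bin/sh
# Added example (not the answerer's code): the answer's steps as one idempotent
# bootstrap. Assumes nginx's ssl_certificate/ssl_certificate_key point at the two
# stable paths under $SSL_DIR, so placeholder and real cert swap without config edits.
set -eu
DOMAIN="${DOMAIN:-www.example.com}"            # hypothetical host name
EMAIL="${EMAIL:-admin@example.com}"            # hypothetical ACME account contact
SSL_DIR="${SSL_DIR:-/etc/nginx/ssl/$DOMAIN}"   # the paths nginx is configured with
WEBROOT="${WEBROOT:-/var/www/letsencrypt}"     # served at /.well-known/acme-challenge over HTTP
LIVE="${LIVE:-/etc/letsencrypt/live/$DOMAIN}"  # where certbot writes the real files
CERT="$SSL_DIR/fullchain.pem"
KEY="$SSL_DIR/privkey.pem"
# Tools as variables so a dry run can substitute stubs.
OPENSSL="${OPENSSL:-openssl}"; CERTBOT="${CERTBOT:-certbot}"; NGINX="${NGINX:-nginx}"

# "real" once nginx's paths link to certbot's files, "placeholder" while self-signed, else "none".
cert_state() {
    if [ -L "$CERT" ]; then echo real
    elif [ -e "$CERT" ]; then echo placeholder
    else echo none; fi
}

# Throwaway self-signed pair at exactly the paths nginx expects, so nginx can start.
make_placeholder() {
    mkdir -p "$SSL_DIR"
    "$OPENSSL" req -x509 -nodes -days 1 -newkey rsa:2048 -subj "/CN=$DOMAIN" \
        -keyout "$KEY" -out "$CERT" 2>/dev/null
    chmod 600 "$KEY"
}

# Replace the placeholder with links to certbot's live files and reload nginx.
install_real() {
    ln -sf "$LIVE/fullchain.pem" "$CERT"
    ln -sf "$LIVE/privkey.pem" "$KEY"
    "$NGINX" -t; "$NGINX" -s reload
}

bootstrap() {
    case "$(cert_state)" in
        real) return 0 ;;                       # already done; safe to re-run
        none) make_placeholder ;;
    esac
    "$NGINX" -t                                 # config must parse with the placeholder
    "$NGINX" -s reload 2>/dev/null || "$NGINX"  # reload if running, otherwise start
    # Challenge is answered over plain HTTP from $WEBROOT; nothing on :443 is trusted yet.
    "$CERTBOT" certonly --webroot -w "$WEBROOT" -d "$DOMAIN" \
        --non-interactive --agree-tos --email "$EMAIL"
    install_real
}
case "${1:-}" in run) bootstrap ;; esac         # on the host: sh bootstrap.sh run
```

Re-running it after certbot has succeeded is a no-op, and later renewals only need an nginx reload because the links follow certbot's live directory.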