xv4_de

letsencrypt

# portmaster security/py-certbot

ein cert für eine Domain holen

# certbot certonly --rsa-key-size 4096 -d domain.com -d www.domain.com

wildcard holen

# certbot certonly --agree-tos --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory -d domain.com -d '*.domoain.com'

cronjob

30      4       *       *       0       root    /usr/local/etc/letsencrypt-renew.sh | /usr/bin/mail -s "certbot renew" hostmaster

script

#!/bin/csh

/usr/local/bin/certbot renew
/usr/local/sbin/apachectl start graceful

cp /etc/ssl/mail_domain_com.letsencrypt-IMAP.pem /etc/ssl/mail_domain_com.letsencrypt-IMAP-backup.pem

/usr/local/sbin/postfix stop

/bin/cat /usr/local/etc/letsencrypt/live/mail.domain.com/privkey.pem /usr/local/etc/letsencrypt/live/mail.domain.com/fullchain.pem > /etc/ssl/mail_domain_com.letsencrypt-IMAP.pem

/usr/local/etc/rc.d/courier-imap-imapd-ssl restart
/usr/local/etc/rc.d/courier-imap-pop3d-ssl restart
/usr/local/sbin/postfix start
fail2ban unbound