Renew Certificate

List certificates

Get certificate name for renewal

shell
certbot certificates

For test:

shell
certbot renew --cert-name greenstream.com.ua-0002 --dry-run

For real renewal

shell
certbot renew --cert-name greenstream.com.ua-0002

Obtain certificate

Obtain new certificate

For test, add the --dry-run parameter at the end.

  1. Start domain with http

shell
certbot certonly -d stage.greenstream.com.ua

  2. Select 2 (webroot)
  3. Specify the webroot

text
/var/lib/docker/volumes/web_app/_data

  4. Update nginx config

Other certbot section

Revoke certificate

shell
certbot revoke --cert-name node.greenstream.com.ua

Auth certificate

Client Authentication

CA

Set user specific ACL

shell
setfacl -R -m u:deploy:rwx <folder_name>

New website deployment

  1. Assign permission to <volume_name>/_data
shell
chgrp -R www-data _data/
setfacl -R -m u:deploy:rwx <volumeName>/_data
setfacl -R -m g:www-data:rwx <volumeName>/_data
chmod -R o+rx _data/

Get information about the certificate from the command line

  • Create a script checkCertificate.sh
shell
#!/bin/bash

# Check if domain argument is provided
if [ -z "$1" ]; then
  echo "Please provide a domain name as an argument."
  exit 1
fi

# Retrieve and display certificate information
echo | openssl s_client -connect "$1":443 -servername "$1" 2>/dev/null | openssl x509 -noout -text

This script will use the openssl command to retrieve the certificate information for the specified domain and display it in the terminal.

To use the script, save it to a file named checkCertificate.sh, make it executable using the command chmod +x checkCertificate.sh, and then run the script with the domain name as an argument, like this:

shell
./checkCertificate.sh example.com

Check certificate expiry only

  • Create a file checkExpiry.sh
shell
#!/bin/bash

# Check if domain argument is provided
if [ -z "$1" ]; then
  echo "Please provide a domain name as an argument."
  exit 1
fi

# Retrieve certificate information
expiration_date=$(echo -n | openssl s_client -connect "$1":443 -servername "$1" 2>/dev/null | openssl x509 -noout -enddate)

# Extract the expiration date
expiration_date=$(echo "$expiration_date" | sed -n 's/notAfter=//p')

# Print the expiration date
echo "Certificate expiration date for $1:"
echo "$expiration_date"

To use the script, save it to a file named checkExpiry.sh. Make the file executable using the command chmod +x checkExpiry.sh. Then you can run the script and provide a domain name as an argument, like this:

shell
./checkExpiry.sh example.com
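
checkExpiry.sh prints an empty date when the connection or the TLS handshake fails, which is easy to misread in a cron job. The following added example (not part of the original page) turns the same notAfter line into a status with an exit code. The function names, the exit codes and the 30-day default are assumptions made for this example, and it relies on GNU date to parse the openssl date format.

```shell
#!/bin/bash
# Added example: classify a certificate by the time left before notAfter.
# Exit codes (chosen for this example): 0 OK, 1 WARNING, 2 EXPIRED, 3 UNKNOWN.

# expiry_status "<notAfter=... line>" <warn_days> [now_epoch]
# now_epoch is optional; it lets the logic be checked against a fixed clock.
expiry_status() {
  local not_after warn_days now end days
  not_after="${1#notAfter=}"
  warn_days="$2"
  now="${3:-$(date +%s)}"
  # An empty line means openssl returned no certificate (host down, wrong port,
  # handshake failure). GNU date would parse "" as today, so reject it first.
  if [ -z "$not_after" ]; then
    echo "UNKNOWN no certificate retrieved"; return 3
  fi
  # GNU date understands the openssl format, e.g. "Jun  1 12:00:00 2030 GMT"
  end=$(date -u -d "$not_after" +%s 2>/dev/null) || {
    echo "UNKNOWN unparseable date: $not_after"; return 3; }
  if [ "$end" -le "$now" ]; then
    echo "EXPIRED on $not_after"; return 2
  fi
  days=$(( (end - now) / 86400 ))
  if [ "$days" -lt "$warn_days" ]; then
    echo "WARNING $days days left (expires $not_after)"; return 1
  fi
  echo "OK $days days left (expires $not_after)"
}

# check_domain <domain> [warn_days]: same openssl pipeline as checkExpiry.sh
check_domain() {
  local line
  line=$(echo -n | openssl s_client -connect "$1":443 -servername "$1" 2>/dev/null \
         | openssl x509 -noout -enddate 2>/dev/null) || true
  expiry_status "$line" "${2:-30}"
}

# Run only when a domain is given: ./checkExpiryStatus.sh example.com 30
if [ $# -gt 0 ]; then
  check_domain "$@"
  exit $?
fi
```

A non-zero exit code lets cron or a monitoring check alert on the result; a WARNING is the point at which to run the certbot renew command for that certificate.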

Private Licensed