contrib/certbot: new document

This commit is contained in:
Simon Ser 2023-12-01 10:35:01 +01:00
parent 5ac4978456
commit a52cd5aa43

35
contrib/certbot.md Normal file
View File

@ -0,0 +1,35 @@
# Setting up Certbot for soju
If you are using [Certbot] to obtain HTTPS certificates, you can set up soju
like so:
- Obtain the certificate:
certbot certonly -d <domain>
- Allow all local users to access certificates (private keys are still
protected):
chmod 0755 /etc/letsencrypt/{live,archive}
- Allow the soju user to read the private key:
chmod 0640 /etc/letsencrypt/live/<domain>/privkey.pem
chgrp soju /etc/letsencrypt/live/<domain>/privkey.pem
- Set the `tls` directive in the soju configuration file:
tls /etc/letsencrypt/live/<domain>/fullchain.pem /etc/letsencrypt/live/<domain>/privkey.pem
- Configure Certbot to reload soju. Edit
`/etc/letsencrypt/renewal-hooks/post/soju.sh` and add a command to reload
soju, for instance:
#!/bin/sh
systemctl reload soju
Then mark the script as executable:
sudo chmod 755 /etc/letsencrypt/renewal-hooks/post/soju.sh
[Certbot]: https://certbot.eff.org/