Alan Orth
a34cb1e666
The certbot-auto client that I've been using for a long time is now only supported if you install it using snap. I don't use snap on my systems so I decided to switch to the acme.sh client, which is imp- lemented in POSIX shell with no dependencies. One bonus of this is that I can start using ECC certificates. This also configures the .well-known directory so we can use webroot when installing and renewing certificates. I have yet to understand how the renewal works with regards to webroot, though. I may have to update the systemd timers to point to /var/lib/letsencrypt/.well-known.
10 lines
291 B
Django/Jinja
10 lines
291 B
Django/Jinja
[Unit]
|
|
Description=Renew Let's Encrypt certificates
|
|
ConditionFileIsExecutable={{ letsencrypt_acme_home }}/acme.sh
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
ExecStart={{ letsencrypt_acme_home }}/acme.sh --cron --home {{ letsencrypt_acme_home }} --reloadcmd "/bin/systemctl reload nginx"
|
|
|
|
SuccessExitStatus=0 2
|