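====== LetsEncrypt ======

==== Renovar certificados haproxy ====

=== Script guarrete ===

root@ns3191080:/srv/vm/brutalix# cat renovar.sh
#!/bin/sh
# renovar.sh - renew the Let's Encrypt certificates and rebuild the combined
# PEM bundles (private key + full chain) that haproxy loads from $destino.
#
# Inputs:  $rutadominios/dominios.lst - whitespace-separated list of domains
# Outputs: $destino/<domain>.pem for every listed domain
# Exit:    0 when every step succeeded, 1 when any step failed
#
# Each bundle contains a private key, so it is written to a private temporary
# file first and only renamed into place once it is complete. A failed build
# therefore never leaves a truncated or empty .pem for haproxy to load.
# certbot's --deploy-hook could run this rebuild only when a certificate was
# actually renewed, instead of on every invocation.
set -u
umask 077

rutalive="/etc/letsencrypt/live"
destino="/etc/cert"
rutadominios="/srv/vm/brutalix"
lista="$rutadominios/dominios.lst"
fallos=0
tmp=""

# Remove a half-written bundle if the script stops in the middle of a build.
limpiar() {
  [ -z "$tmp" ] || rm -f -- "$tmp"
}
trap limpiar EXIT
trap 'exit 1' HUP INT TERM

if [ ! -r "$lista" ]; then
  echo "ERROR: no se puede leer $lista" >&2
  exit 1
fi

# A failed renewal of one lineage must not stop the bundles of the others
# from being rebuilt, so the failure is recorded and the script carries on.
if ! certbot renew --webroot --webroot-path /var/www/html/; then
  echo "AVISO: certbot renew ha devuelto error" >&2
  fallos=1
fi

# The list is split on whitespace, as before; globbing is switched off so an
# entry such as '*' can never expand to file names.
set -f
for dom in $(cat "$lista"); do
  # An entry is used to build paths, so it must not be able to leave
  # $rutalive or $destino.
  case "$dom" in
    */* | .*)
      echo "AVISO: dominio no valido, se omite: $dom" >&2
      fallos=1
      continue
      ;;
  esac

  clave="$rutalive/$dom/privkey.pem"
  cadena="$rutalive/$dom/fullchain.pem"
  if [ ! -s "$clave" ] || [ ! -s "$cadena" ]; then
    echo "AVISO: faltan privkey.pem o fullchain.pem de $dom, se omite" >&2
    fallos=1
    continue
  fi

  echo "creando cert haproxy $destino/$dom.pem"

  # mktemp creates the file with mode 0600; it lives in $destino so that the
  # final mv is a rename on the same filesystem.
  # NOTE(review): assumes haproxy reads its certificates as root - confirm.
  if ! tmp=$(mktemp "$destino/.$dom.pem.XXXXXX"); then
    echo "AVISO: no se pudo crear el temporal para $dom" >&2
    tmp=""
    fallos=1
    continue
  fi

  if cat "$clave" "$cadena" > "$tmp" && mv -f -- "$tmp" "$destino/$dom.pem"; then
    tmp=""
  else
    echo "AVISO: no se pudo generar $destino/$dom.pem" >&2
    rm -f -- "$tmp"
    tmp=""
    fallos=1
  fi
done
set +f

# NOTE(review): the message says "reloading" but the command is a full
# restart, which drops open connections; confirm whether "reload" is enough.
echo recargando haproxy
service haproxy restart || fallos=1

exit "$fallos"

=== acl haproxy ===

# Only requests for the ACME challenge path are sent to the certbot backend.
# NOTE(review): presumably a web server on 127.0.0.1:80 serves the directory
# given to certbot as --webroot-path - confirm.
#ACL Certbot
acl certbot path_beg /.well-known/acme-challenge
use_backend backend-certbot if certbot

#Backend Certbot
backend backend-certbot
server local 127.0.0.1:80

==== Limpiar certificados movidos ====

# Removing a file from renewal/ makes "certbot renew" stop processing that
# certificate; its key material under live/ and archive/ is left on disk.
# "certbot delete --cert-name NAME" removes the renewal file and the keys.
root@ns3061228:/# rm /etc/letsencrypt/renewal/cloud.old.conf
root@ns3061228:/# rm /etc/letsencrypt/renewal/nextcloud.old.conf

==== Solicitud certificado LetsEncrypt ====

# --register-unsafely-without-email creates the ACME account with no contact
# address; certbot's documentation discourages it. Use --email ADDRESS to
# register a contact instead.

# Simulate the request (test run, no certificate is saved to disk)
certbot certonly --register-unsafely-without-email -d plycaf.unizar.es --webroot --webroot-path /u01/app/plyca/ --dry-run

# Real request
certbot certonly --register-unsafely-without-email -d plycaf.unizar.es --webroot --webroot-path /u01/app/plyca/

# Verification
[root@plycaswf1 ~]# ls /etc/letsencrypt/live/plycaf.unizar.es/
cert.pem chain.pem fullchain.pem privkey.pem README

# Certificate with an alias (both names on the same certificate)
certbot certonly --register-unsafely-without-email -d licitacionf.unizar.es,plycaf.unizar.es --webroot --webroot-path /u01/app/plyca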