Hugo<![CDATA[linux on Decaf Blog]]> 2024-04-12T20:16:03+00:00 https://blog.decaf200.com/tags/linux/ <![CDATA[Automating SSL Certificate Renewal with Certbot]]> https://blog.decaf200.com/posts/text-file-processing/ 2024-04-12T00:00:00+00:00 2024-04-12T00:00:00+00:00 Automating SSL Certificate Renewal with Certbot

Certbot is an automated tool that simplifies the way webmasters can obtain, renew, and manage SSL certificates. It interacts with the Let’s Encrypt CA through a protocol called ACME (Automated Certificate Management Environment), allowing the certificates to be issued and renewed without significant user interaction.

Setting Up Certbot

Before you can renew your SSL certificates with Certbot, you need to have it installed on your server. This can typically be done through package managers on systems like Ubuntu (sudo apt-get install certbot) or CentOS (sudo yum install certbot).

Using Certbot for Renewal

Certbot provides a hassle-free mechanism to renew SSL certificates. To automate the renewal process, you should run the following command:

Plain textANTLR4BashCC#CSSCoffeeScriptCMakeDartDjangoDockerEJSErlangGitGoGraphQLGroovyHTMLJavaJavaScriptJSONJSXKotlinLaTeXLessLuaMakefileMarkdownMATLABMarkupObjective-CPerlPHPPowerShell.propertiesProtocol BuffersPythonRRubySass (Sass)Sass (Scss)SchemeSQLShellSwiftSVGTSXTypeScriptWebAssemblyYAMLXML bashCopy codecertbot renew

This command checks all certificates installed on the server and renews them if they are within 30 days of expiration. It’s a good practice to test this process with a dry run:

Plain textANTLR4BashCC#CSSCoffeeScriptCMakeDartDjangoDockerEJSErlangGitGoGraphQLGroovyHTMLJavaJavaScriptJSONJSXKotlinLaTeXLessLuaMakefileMarkdownMATLABMarkupObjective-CPerlPHPPowerShell.propertiesProtocol BuffersPythonRRubySass (Sass)Sass (Scss)SchemeSQLShellSwiftSVGTSXTypeScriptWebAssemblyYAMLXML bashCopy codecertbot renew --dry-run

The --dry-run option simulates the renewal process without making any actual changes to your certificates, ensuring everything works as expected.

Automating the Process

While running certbot renew is straightforward, remembering to do so regularly might not be practical. Therefore, automating this process is critical. You can achieve this by scheduling a cron job that runs certbot renew twice a day. Here is an example of a cron job entry that you might add to your server’s crontab file:

Plain textANTLR4BashCC#CSSCoffeeScriptCMakeDartDjangoDockerEJSErlangGitGoGraphQLGroovyHTMLJavaJavaScriptJSONJSXKotlinLaTeXLessLuaMakefileMarkdownMATLABMarkupObjective-CPerlPHPPowerShell.propertiesProtocol BuffersPythonRRubySass (Sass)Sass (Scss)SchemeSQLShellSwiftSVGTSXTypeScriptWebAssemblyYAMLXML javascriptCopy code0 12,0 * * * /usr/bin/certbot renew --quiet

This cron job runs at noon and midnight every day, renewing any certificates that need it and doing so quietly without generating output.

Ensuring Reliability

After setting up Certbot to renew certificates automatically, it’s wise to monitor your system’s logs (usually found in /var/log/letsencrypt) to ensure that renewals are proceeding as expected. Occasionally, issues such as network interruptions or changes in the Let’s Encrypt API might require your attention.

]]> <![CDATA[Useful Curl commands]]> https://blog.decaf200.com/posts/curl-commands/ 2021-10-13T00:00:00+00:00 2021-10-13T00:00:00+00:00 Useful CURL commands with examples

Send Post request:

curl --data "key1=value1&key2=value2" http://site.com

Send JSON data:

curl  -H 'Content-Type: application/json' --data '{"param1":"test1","param2":"test2"}' http://test.com

Get status code:

curl -s -o /dev/null -w "%{http_code}" http://www.example.org/
]]>