Support certbot
tshemsedinov opened this issue · 1 comments
Describe the problem
Certbot can be used in `--standalone` mode, when it starts its own web server on port 80, but certbot can also use our web server in `--webroot` mode. But we cache files in memory and serve from memory, so challenge files created by certbot can't be served immediately; they will be loaded after a timeout, so GET requests from letsencrypt will return 404.
Standalone mode: certbot certonly --standalone -d www.domain.com -d domain.com -m your.name@domain.com --agree-tos --no-eff-email
Webroot mode: certbot certonly --webroot -w ~/domain.com/application/static -d www.domain.com -d domain.com -m your.name@domain.com --agree-tos --no-eff-email
After certbot issues the new cert, we can move it to our `application/cert` folder:
yes | cp /etc/letsencrypt/live/domain.com/fullchain.pem ~/domain.com/application/cert/cert.pem
yes | cp /etc/letsencrypt/live/domain.com/privkey.pem ~/domain.com/application/cert/key.pem
Describe the solution
- When a file is not found in memory, it can be served from disk
- Need to serve static at port 80 (balancer)
Done: #1844
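The fallback proposed in the issue, sketched as an added example (not the project's code and not the change made in #1844): a memory-first lookup that reads from disk on a miss, so a challenge file written under `/.well-known/acme-challenge/` after startup is served at once, with the disk path confined to the static root. `StaticCache`, `demo` and the token value are hypothetical names and constructed data.

```javascript
// Added example; StaticCache and demo are hypothetical names, not the project's API.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

class StaticCache {
  constructor(root) {
    this.root = fs.realpathSync(root);
    this.files = new Map(); // URL path -> Buffer, filled once at startup
  }
  // Preload every file under the root into memory.
  load(dir = this.root) {
    for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
      const full = path.join(dir, entry.name);
      if (entry.isDirectory()) this.load(full);
      else if (entry.isFile()) {
        const url = '/' + path.relative(this.root, full).split(path.sep).join('/');
        this.files.set(url, fs.readFileSync(full));
      }
    }
  }
  // Memory first; on a miss read from disk, confined to the static root.
  get(urlPath) {
    const cached = this.files.get(urlPath);
    if (cached) return cached;
    try {
      const real = fs.realpathSync(path.join(this.root, decodeURIComponent(urlPath)));
      const inside = real.startsWith(this.root + path.sep);
      return inside && fs.statSync(real).isFile() ? fs.readFileSync(real) : null;
    } catch {
      return null; // missing file, bad escape or NUL byte: answer 404
    }
  }
}

// Constructed demo: the token is written after load(), as certbot's would be.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'static-'));
  fs.writeFileSync(path.join(root, 'index.html'), 'home');
  const cache = new StaticCache(root);
  cache.load();
  const dir = path.join(root, '.well-known', 'acme-challenge');
  fs.mkdirSync(dir, { recursive: true });
  fs.writeFileSync(path.join(dir, 'token123'), 'token123.thumbprint');
  return {
    challenge: String(cache.get('/.well-known/acme-challenge/token123')),
    traversal: cache.get('/../../etc/passwd'),
  };
}
```

The `realpathSync` prefix check matters because the disk fallback, unlike the preloaded map, resolves request-supplied paths; without it `..` segments or symlinks could reach files outside the static folder.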