|
@@ -80,17 +80,17 @@ popd
|
|
|
```
|
|
|
|
|
|
Qu'il suffit de lancer comme ceci (pour l'exemple je génère un certificate
|
|
|
-asral.fr avec comme domaines gérés gitoyen.net et planet.gitoyen.net (oui de la pub au passage))
|
|
|
+gitoyen.net avec comme domaines gérés gitoyen.net et www.gitoyen.net (oui de la pub au passage))
|
|
|
|
|
|
```bash
|
|
|
-$ bash bootstrap-letsencrypt.sh asrall gitoyen.net 'DNS:gitoyen.net,DNS:planet.gitoyen.net'
|
|
|
+$ bash bootstrap-letsencrypt.sh gitoyen gitoyen.net 'DNS:gitoyen.net,DNS:www.gitoyen.net'
|
|
|
##### gitoyen.net #####
|
|
|
Parsing account key...
|
|
|
Parsing CSR...
|
|
|
Registering account...
|
|
|
Already registered!
|
|
|
-Verifying planet.gitoyen.net...
|
|
|
-planet.gitoyen.net verified!
|
|
|
+Verifying www.gitoyen.net...
|
|
|
+www.gitoyen.net verified!
|
|
|
Verifying gitoyen.net...
|
|
|
gitoyen.net verified!
|
|
|
Signing certificate...
|
|
@@ -115,7 +115,7 @@ server {
|
|
|
listen 443;
|
|
|
ssl on;
|
|
|
client_max_body_size 20M;
|
|
|
- server_name gitoyen.net planet.gitoyen.net asrall.sebian.fr;
|
|
|
+ server_name gitoyen.net www.gitoyen.net;
|
|
|
ssl_certificate /etc/letsencrypt/pem/gitoyen.net.pem;
|
|
|
ssl_certificate_key /etc/letsencrypt/private/gitoyen.net.key;
|
|
|
ssl_session_timeout 5m;
|
|
@@ -172,8 +172,8 @@ Dans la conf `main.mk` de checkmk:
|
|
|
# /etc/checkmk/main.mk
|
|
|
legacy_checks = [
|
|
|
## Gitoyen
|
|
|
- ( ( "check-certificate!gitoyen.net", "Certificate Gitoyen - Letsencrypt", True), ['baloo.sebian.fr']),
|
|
|
- ( ( "check-certificate!planet.gitoyen.net", "Certificate Planet Gitoyen - Letsencrypt", True), ['baloo.sebian.fr']),
|
|
|
+ ( ( "check-certificate!gitoyen.net", "Certificate Gitoyen - Letsencrypt", True), ['baloo.gitoyen.net']),
|
|
|
+ ( ( "check-certificate!www.gitoyen.net", "Certificate www Gitoyen - Letsencrypt", True), ['baloo.gitoyen.net']),
|
|
|
]
|
|
|
```
|
|
|
|
|
@@ -200,14 +200,14 @@ le check passe en warning avec ce mini script bash.
|
|
|
```bash
|
|
|
#!/bin/bash
|
|
|
|
|
|
-account='asrall'
|
|
|
-certs='gitoyen.net planet.gitoyen.net'
|
|
|
+account='gitoyen'
|
|
|
+certs='gitoyen.net www.gitoyen.net'
|
|
|
|
|
|
pushd /etc/letsencrypt
|
|
|
for cert in $certs
|
|
|
do
|
|
|
echo "##### ${cert} #####"
|
|
|
- acme_tiny.py --account-key ./private/labriqueinternet.key --csr ./csr/${cert}.csr --acme-dir /etc/letsencrypt/challenges/${cert}/ > ./certs/${cert}.crt
|
|
|
+ acme_tiny.py --account-key ./private/gitoyen.key --csr ./csr/${cert}.csr --acme-dir /etc/letsencrypt/challenges/${cert}/ > ./certs/${cert}.crt
|
|
|
cat ./certs/${cert}.crt ./pem/intermediate.pem > ./pem/${cert}.pem
|
|
|
done
|
|
|
popd
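Review bot: The `> ./certs/${cert}.crt` redirection on the new acme_tiny.py line truncates the current certificate before the request has succeeded, and the loop has no error check, so a failed renewal leaves an empty .crt and a .pem holding only the intermediate before the script reaches the `systemctl restart nginx` shown in the next hunk header. Writing to a temporary file and replacing the certificate only on success keeps the previous, still-valid certificate in place; the fence below shows the loop body rewritten that way, with the expansions quoted. Separately, `account` is assigned but not used in the visible lines while the key path is hard-coded to `./private/gitoyen.key`; if the key is meant to follow the account name, `--account-key "./private/${account}.key"` would keep the two in sync.

```shell
# … unchanged: account/certs variables, pushd, for loop header …
    echo "##### ${cert} #####"
    tmp=$(mktemp "./certs/${cert}.crt.XXXXXX") || exit 1
    if acme_tiny.py --account-key ./private/gitoyen.key --csr "./csr/${cert}.csr" --acme-dir "/etc/letsencrypt/challenges/${cert}/" > "$tmp"
    then
        # Replace the live certificate only once a new one has been issued.
        mv -- "$tmp" "./certs/${cert}.crt"
        cat "./certs/${cert}.crt" ./pem/intermediate.pem > "./pem/${cert}.pem"
    else
        rm -f -- "$tmp"
        echo "renewal failed for ${cert}, keeping the previous certificate" >&2
    fi
# … unchanged: done, popd …
```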
|
|
@@ -216,4 +216,4 @@ systemctl restart nginx
|
|
|
|
|
|
## Chocolat
|
|
|
|
|
|
-Même si le modèle des CA et bancal, il n'y a plus de raison maintenant de ne pas proposer du HTTPS partout!
|
|
|
+Même si le modèle des CA est bancal, il n'y a plus de raison maintenant de ne pas proposer du HTTPS partout!
|