Connect MailServer
- check certs
sudo openssl x509 -enddate -noout -in /etc/letsencrypt/live/your_domain/fullchain.pem - Stop service
sudo systemctl stop nginx
sudo systemctl stop postfix
sudo systemctl stop dovecot - check http port can connect
firewall open http
sudo ufw allow http - Renew cert
sudo certbot certonly --standalone -d your_domain --preferred-challenges http - check cert
sudo openssl x509 -enddate -noout -in /etc/letsencrypt/live/your_domain/fullchain.pem - close http port
sudo ufw delete allow http
firewall close http - cert permission
sudo chown root:root /etc/letsencrypt/live/your_domain/privkey.pem
sudo chmod 600 /etc/letsencrypt/live/your_domain/privkey.pem - Start service
sudo systemctl start nginx
sudo systemctl start postfix
sudo systemctl start dovecot
Auto Renew Config
- sudo crontab -e
- choose 1, and add below line in end
0 3 * * * /usr/bin/certbot renew --quiet && systemctl reload nginx postfix dovecot - save
沒有留言:
張貼留言