alkdev/alknet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d7538a7806149fed0c722cca4da3d032bdba7751
alknet/docs/research/ops/certbot.md
glm-5.1 d3633b7839 docs: complete Phase 0 architecture — spec updates, review fixes, and link portability 
Update four existing specs (overview, server, napi-and-pubsub, call-protocol) to
reflect Phase 0 decisions: three-layer model, IdentityProvider, ForwardingPolicy,
OperationEnv, static/dynamic config split. Review all 9 Phase 0a ADRs (026-034)
for consistency. Fix 4 critical issues from architecture review: missing OQ-SVC-05
in open-questions.md, deprecated hub terminology, undefined AuthService and noq
terms. Replace inline OQ text with cross-references per format rules. Add
ConfigServiceImpl definition to configuration.md. Port absolute workspace paths
to project-relative links by copying referenced docs (feasibility, certbot,
fail2ban, event_source_types) into docs/research/.
2026-06-07 11:27:52 +00:00

56 lines
1.2 KiB
Markdown
Raw Blame History

# Certbot — dev1
## Overview
Let's Encrypt SSL certificates managed by certbot. Used by nginx for HTTPS.
## Installed
certbot (snap package on Ubuntu 24.04)
## Certificates
| Domain | Expiry | Path |
|--------|--------|------|
| git.alk.dev | 2026-06-18 | /etc/letsencrypt/live/git.alk.dev/ |
## File Locations
```
/etc/letsencrypt/live/git.alk.dev/
├── fullchain.pem # Server cert + chain
├── privkey.pem # Private key
├── cert.pem # Server cert only
├── chain.pem # Chain only
└── README
```
Renewal config: `/etc/letsencrypt/renewal/git.alk.dev.conf`
## Renewal
Certbot auto-renews via systemd timer. Certificates renew when <30 days remaining.
```bash
# Check certificates and expiry
sudo certbot certificates
# Dry run renewal
sudo certbot renew --dry-run
# Force renewal (if needed)
sudo certbot renew --force-renewal
# Reload nginx after renewal
sudo systemctl reload nginx
```
## Initial Certificate
If adding a new domain, obtain the cert with the standalone plugin (nginx doesn't need to be running):
```bash
sudo certbot certonly --standalone -d <domain> --agree-tos -m <email>
```
Port 80 must be open for the ACME challenge. The api.alk.dev UFW rule allows HTTP for this purpose.
Reference in New Issue View Git Blame Copy Permalink