/
LetsEncrypt manual certificate Renewals
LetsEncrypt manual certificate Renewals
- Nithin DV (Unlicensed)
- Gajendran C (Unlicensed)
Owned by Nithin DV (Unlicensed)
Last updated: Mar 28, 2019
Renewal of Lets Encrypt certificates, applicable when no auto renewals such as certbot / certmanager are being used.
Instructions
- Exec into running nginx pod and execute,
-
acme-client -a https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf -Nnmv $DOMAIN && renew=1
-
- Once command is successful, check for new certs,
ls -lrt /etc/ssl/acme/$DOMAIN
- Reload nginx to pick up new certs and verify if domain reflects right certificates,
nginx -s reload
Copy certs from podkubectl cp nginx-2087212062-c67lk:/etc/ssl/acme/egov-micro-qa.egovernments.org/ ./certs-egov-micro-qa
ssh to bastion node using the key file and ssh to minion nodes with admin user one-by-onessh -i <KEY>.pem admin@<BASTION-IP> this is not accessible outside the egovernment network. Or need to whitelist the ip.scp to writable directory on the minionssh to minion and sudo cp to /srv/acme/egov-micro-qa.egovernments.orgdirectory
- Restart nginx pod to test to make sure everything is running ok
The entire process has been automated on the playground, use only for legacy deployments.
Related articles
, multiple selections available,
Related content
JFrog - Artifactory
JFrog - Artifactory
Read with this
APMDP - UAT Wildcard SSL
APMDP - UAT Wildcard SSL
More like this
Cleanup Kafka logs
Cleanup Kafka logs
Read with this
APMDP - UAT Wildcard SSL Apache
APMDP - UAT Wildcard SSL Apache
More like this
DIGIT - Starting guide for partners
DIGIT - Starting guide for partners
Read with this
APMDP - UAT SSL renewal with allvy domain Wildcard
APMDP - UAT SSL renewal with allvy domain Wildcard
More like this