LetsEncrypt manual certificate Renewals

Renewal of Let's Encrypt certificates, applicable when no auto-renewal tooling such as certbot / cert-manager is being used.

Instructions

  1. Exec into the running nginx pod and execute,
  2. Once the command is successful, check for the new certs:
    • ls -lrt /etc/ssl/acme/$DOMAIN
  3. Reload nginx to pick up the new certs and verify that the domain serves the right certificates:
    • nginx -s reload
  4. Copy the certs from the pod:
    1. kubectl cp nginx-2087212062-c67lk:/etc/ssl/acme/egov-micro-qa.egovernments.org/ ./certs-egov-micro-qa
  5. SSH to the bastion node using the key file, then SSH to the minion nodes as the admin user, one by one:
    1. ssh -i <KEY>.pem admin@<BASTION-IP> (the bastion is not accessible from outside the egovernment network unless your IP is whitelisted)
    2. scp the certs to a writable directory on the minion
    3. ssh to the minion and sudo cp the certs to the /srv/acme/egov-micro-qa.egovernments.org directory
  6. Restart the nginx pod to make sure everything is running OK
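
A check for steps 3 and 6, added here as an example and not part of the original procedure: it confirms that the renewed certificate on disk is not close to expiry and is the one the domain actually serves. The function names and the 30-day default are assumptions, and because the page does not name the certificate file under /etc/ssl/acme/$DOMAIN, its path is passed as an argument.

```shell
#!/bin/sh
# Added example: confirm a manually renewed certificate is valid and is the
# one nginx serves. Function names are hypothetical; the certificate file
# name is not given on the page, so the caller supplies the full path.

# Print the SHA-256 fingerprint of the first (leaf) certificate in a PEM file.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the certificate is still valid MIN_DAYS from now.
cert_is_fresh() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeed if two PEM files carry the same leaf certificate.
same_cert() {
    fp=$(cert_fingerprint "$1")
    [ -n "$fp" ] && [ "$fp" = "$(cert_fingerprint "$2")" ]
}

# Fetch the leaf certificate a host presents on 443 (SNI set), as PEM.
served_cert_pem() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509
}

# verify_renewal CERT_FILE DOMAIN [MIN_DAYS]
verify_renewal() {
    cert=$1 domain=$2 min_days=${3:-30}
    tmp=$(mktemp) || return 2
    if ! cert_is_fresh "$cert" "$min_days"; then
        echo "FAIL: $cert expires within $min_days days (renewal did not take)" >&2
        rm -f "$tmp"; return 1
    fi
    if ! served_cert_pem "$domain" >"$tmp" || ! same_cert "$cert" "$tmp"; then
        echo "FAIL: $domain is not serving $cert (nginx not reloaded?)" >&2
        rm -f "$tmp"; return 1
    fi
    rm -f "$tmp"
    echo "OK: $domain serves $cert, valid for at least $min_days more days"
}

# Run only when invoked with arguments: sh verify.sh CERT_FILE DOMAIN [MIN_DAYS]
if [ "$#" -ge 2 ]; then verify_renewal "$@"; fi
```

Run it after the reload in step 3 and again after the pod restart in step 6; a fingerprint mismatch after the restart points to the minion copy in step 5 not having taken effect.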


The entire process has been automated on the playground; use this manual procedure only for legacy deployments.


