light: fix tls cert expiring and not renewing
Some checks failed
/ Ansible Lint (push) Failing after 39s
Some checks failed
/ Ansible Lint (push) Failing after 39s
This commit is contained in:
parent
5693989c38
commit
6a92aa68c1
SSH key fingerprint:
SHA256:B3m+yzpaxGXSEcDBpPHfvza/DNC0wuX+CKMeGq8wgak
4 changed files with 34 additions and 20 deletions
|
|
@ -1,14 +1,12 @@
|
|||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name _;
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
autoindex on;
|
||||
root /webroot-for-acme-challenge;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
proxy_pass http://127.0.0.1:31820/.well-known/acme-challenge/;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,15 +1,16 @@
|
|||
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
|
||||
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
http2 on;
|
||||
|
||||
server_name light-werkstatt.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/light.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/light.ccchh.net/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/light-werkstatt.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/light-werkstatt.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/light.ccchh.net/chain.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/light-werkstatt.ccchh.net/chain.pem;
|
||||
|
||||
# replace with the IP address of your resolver
|
||||
resolver 10.31.208.1;
|
||||
|
|
@ -25,15 +26,16 @@ server {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
http2 on;
|
||||
|
||||
server_name light.z9.ccchh.net ;
|
||||
server_name light.z9.ccchh.net;
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/light.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/light.ccchh.net/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/light.z9.ccchh.net/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/light.z9.ccchh.net/privkey.pem;
|
||||
# verify chain of trust of OCSP response using Root CA and Intermediate certs
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/light.ccchh.net/chain.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/light.z9.ccchh.net/chain.pem;
|
||||
|
||||
location / {
|
||||
return 307 https://light.ccchh.net$request_uri;
|
||||
|
|
@ -41,8 +43,9 @@ server {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
http2 on;
|
||||
|
||||
server_name light.ccchh.net;
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue