- Added a detailed guide to testing SSL certificates using self-signed certificates.
- Added instructions for creating test certificates with a Makefile, Python, and Bash scripts.
- Added a comparison of methods and detailed instructions for configuring, verifying, and using them in Nginx.
- Documented the steps for moving from test certificates to production ones.
- Created a guide to obtaining Let's Encrypt certificates with the DNS challenge for the reg.ru provider.
- Developed a detailed guide to configuring a global SSL certificate in Nginx Proxy Manager.
- Provided instructions for creating and renewing wildcard certificates in Nginx Proxy Manager.
- Added automation scripts for creating and renewing SSL certificates using the reg.ru API.
- Implemented Git hooks for Gitea to sync changes to GitHub after a push.
- Improved logging and error handling in the Git hooks for better monitoring and troubleshooting.
SSL Certificate Automation Scripts
Author: Фофанов Дмитрий
📖 Overview
This project contains scripts for automating the creation and renewal of Let's Encrypt SSL certificates using DNS-01 Challenge via the reg.ru API.
🎯 Quick Start
Linux (Bash)
# 1. Install dependencies
sudo apt-get install certbot jq
# 2. Configure credentials
nano ~/.regru_credentials
# Add:
# export REGRU_USERNAME="your_login"
# export REGRU_PASSWORD="your_password"
# 3. Set permissions
chmod 600 ~/.regru_credentials
# 4. Run the script
./letsencrypt_regru.sh \
-d "*.dfv24.com" \
-e "dfofanov@dfv24.com"
Linux (Python)
# 1. Install dependencies
pip install requests dnspython certbot
# 2. Configure
cp config.example.yml config.yml
nano config.yml
# 3. Run
python letsencrypt_regru.py
# 4. Setup auto-renewal (cron)
crontab -e
# Add:
# 0 3 * * 1 /usr/bin/python3 /path/to/letsencrypt_regru.py
Windows (PowerShell)
# 1. Run as Administrator
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
# 2. Configure credentials
$env:REGRU_USERNAME = "your_login"
$env:REGRU_PASSWORD = "your_password"
# 3. Run
.\letsencrypt_regru.ps1 `
-Domain "*.dfv24.com" `
-Email "dfofanov@dfv24.com"
# 4. Setup auto-renewal (Task Scheduler)
# Import-Module .\ScheduledTask.psm1
# Create-CertRenewalTask
⚙️ Configuration
Bash Script (letsencrypt_regru.sh)
#!/bin/bash
# Required parameters
DOMAIN="*.dfv24.com" # Your domain
EMAIL="dfofanov@dfv24.com" # Contact email
REGRU_USERNAME="your_login" # reg.ru login
REGRU_PASSWORD="your_password" # reg.ru password
# Optional parameters
DNS_PROPAGATION_WAIT=60 # Wait time for DNS propagation (seconds)
LOG_FILE="/var/log/letsencrypt_regru.log"
WEBSERVER="nginx" # nginx or apache2
Python Script (letsencrypt_regru.py)
Create config.yml:
# reg.ru credentials
regru:
  username: "your_login"
  password: "your_password"
# Certificate settings
certificate:
  domain: "*.dfv24.com"
  email: "dfofanov@dfv24.com"
  dns_propagation_wait: 60
# Logging
logging:
  file: "/var/log/letsencrypt_regru.log"
  level: "INFO"
# Web server
webserver:
  type: "nginx" # nginx, apache2, or null
  reload_command: "systemctl reload nginx"
PowerShell Script (letsencrypt_regru.ps1)
# Configuration
$Config = @{
    Domain = "*.dfv24.com"
    Email = "dfofanov@dfv24.com"
    RegRuUsername = $env:REGRU_USERNAME
    RegRuPassword = $env:REGRU_PASSWORD
    DnsPropagationWait = 60
    LogFile = ".\letsencrypt_regru.log"
}
📋 Requirements
Bash Script
- certbot - Let's Encrypt client
- jq - JSON processor
- curl - HTTP requests
- dig (optional) - DNS queries
Python Script
- Python 3.6+
- requests - HTTP library
- dnspython - DNS operations
- certbot - Let's Encrypt client
- PyYAML - YAML configuration
PowerShell Script
- PowerShell 5.1+ or PowerShell Core 7+
- certbot (via Chocolatey or manual installation)
🔄 Automatic Renewal
Linux (cron)
# Edit crontab
crontab -e
# Add (runs every Monday at 3 AM):
0 3 * * 1 /path/to/letsencrypt_regru.sh >> /var/log/cert_renewal.log 2>&1
# Or for Python:
0 3 * * 1 /usr/bin/python3 /path/to/letsencrypt_regru.py
Windows (Task Scheduler)
# Create scheduled task
$Action = New-ScheduledTaskAction -Execute "PowerShell.exe" `
-Argument "-File C:\path\to\letsencrypt_regru.ps1"
$Trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday -At 3am
Register-ScheduledTask -TaskName "SSL Certificate Renewal" `
-Action $Action -Trigger $Trigger -RunLevel Highest
✨ Features
✅ Automatic DNS validation via reg.ru API
✅ Certificate expiration check
✅ Automatic renewal before expiration
✅ Web server reload after renewal
✅ Detailed logging of all operations
🔧 Using with Nginx Proxy Manager
After obtaining the certificate:
- Log in to NPM: http://192.168.10.14:81/
- SSL Certificates → Add SSL Certificate → Custom
- Paste the content:
  - Certificate Key: /etc/letsencrypt/live/domain.com/privkey.pem
  - Certificate: /etc/letsencrypt/live/domain.com/fullchain.pem
📝 Logs
- Bash: /var/log/letsencrypt_regru.log
- Python: /var/log/letsencrypt_regru.log
- PowerShell: .\letsencrypt_regru.log
- Certbot: /var/log/letsencrypt/letsencrypt.log
🆘 Troubleshooting
API Authentication Error
- Check your reg.ru credentials
- Ensure the domain is under your control
DNS Record Not Propagating
- Increase dns_propagation_wait to 120 seconds
- Check DNS: nslookup -type=TXT _acme-challenge.domain.com
Certbot Not Found
# Ubuntu/Debian
sudo apt-get install certbot
# Or via snap
sudo snap install --classic certbot
📚 Documentation
Detailed documentation in USAGE.md
🔐 Security
- Keep credentials secure
- Use chmod 600 for configuration files
- Regularly update passwords
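The chmod 600 rule can also be enforced by whatever reads ~/.regru_credentials, so a file left readable by group or others is refused instead of silently used. The following is an added example, not code from this project: load_regru_credentials and demo are hypothetical names, and the file layout is the one shown in Quick Start. It checks the opened file's type, owner and mode, then parses the export lines as data instead of sourcing them.

```python
import os
import re
import stat
import tempfile

# Added example; function names are illustrative, not the project's API.
# Accepts the two lines the Quick Start puts in ~/.regru_credentials,
# e.g.  export REGRU_USERNAME="your_login"
_LINE = re.compile(
    r'^\s*(?:export\s+)?(REGRU_USERNAME|REGRU_PASSWORD)=(["\']?)(.*)\2\s*$')


def load_regru_credentials(path):
    """Parse the credentials file as data (never source it) after checking
    that it is a regular file, owned by us, with no group/other access."""
    fd = os.open(path, os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0))
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())  # check the opened file, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not owned by the current user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            raise PermissionError(f"{path}: mode {mode:04o}, expected 0600")
        creds = {m.group(1): m.group(3) for m in map(_LINE.match, fh) if m}
    missing = {"REGRU_USERNAME", "REGRU_PASSWORD"} - creds.keys()
    if missing:
        raise KeyError(f"{path}: missing {', '.join(sorted(missing))}")
    return creds


def demo():
    """Constructed sample: the same file is rejected at 0644, accepted at 0600."""
    sample = ('export REGRU_USERNAME="your_login"\n'
              'export REGRU_PASSWORD="your_password"\n'
              'touch /tmp/should_never_run\n')  # ignored, not executed
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".regru_credentials")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)
        try:
            load_regru_credentials(path)
            rejected = False
        except PermissionError:
            rejected = True
        os.chmod(path, 0o600)
        return rejected, load_regru_credentials(path)
```

Calling demo() returns whether the 0644 copy was refused, followed by the credentials parsed from the 0600 copy.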
⚠️ Important
- Let's Encrypt certificates are valid for 90 days
- Automatic renewal setup is recommended
- Wildcard certificates require DNS validation
📞 Support
📄 License
Scripts are provided "as is" for free use.
Happy Automation! 🔒