Files

Dmitriy Fofanov b3955fb1cc Добавлено описание команд и улучшено логирование в документации. Включены команды диагностики и тестирования для проверки API и DNS, а также обновлены основные команды в руководствах.

2025-10-30 09:18:05 +03:00

5.6 KiB

Raw Blame History

⚡ SSL Certificate Cheatsheet

🚀 Quick Start

Installation in 3 Commands

sudo make install
sudo nano /etc/letsencrypt/regru_config.json  # Fill in data
sudo make test-cert                            # Test

🧪 Testing (NO Let's Encrypt Limits)

# Create test certificate (unlimited)
sudo make test-cert

# Check status
sudo make status

# View logs
sudo make logs

When to use:

⚠️ Let's Encrypt: max 5 certificates/week
✅ Test: UNLIMITED
⚡ Creation: 1-2 seconds vs 2-5 minutes

🔒 Production (Let's Encrypt)

# Get real certificate
sudo make obtain

# Automatic mode (check + renewal)
sudo make run

# Force renewal
sudo make renew

📋 Main Commands

letsencrypt-regru Commands

Command	Description	Limits	Use Case
`--check`	Check certificate expiration	-	Monitoring
`--obtain`	Obtain new certificate	⚠️ 5/week	Initial creation
`--renew`	Renew existing certificate	⚠️ 5/week	Renewal
`--auto`	Auto-check and renewal	⚠️ 5/week	Cron/systemd
`--test-cert`	Test certificate	✅ None	Development
`--test-api`	Check API reg.ru access	-	Diagnostics
`--test-dns`	Test DNS record creation	-	Pre-SSL check
`--help`	Show help	-	Help
`-v`	Verbose output	-	Debugging

Makefile Commands

Command	Description	Equivalent
`make test-cert`	Test certificate	`letsencrypt-regru --test-cert`
`make obtain`	New Let's Encrypt	`letsencrypt-regru --obtain`
`make renew`	Renew existing	`letsencrypt-regru --renew`
`make run`	Auto mode	`letsencrypt-regru --auto`
`make status`	System status	-
`make logs`	Show logs	`journalctl -u letsencrypt-regru`
`make check-config`	Check configuration	-

letsencrypt_regru.sh Commands

Command	Description
`sudo bash letsencrypt_regru.sh install`	Install application
`sudo bash letsencrypt_regru.sh update`	Update application
`sudo bash letsencrypt_regru.sh uninstall`	Uninstall application

📝 Configuration

Minimal (testing)

{
    "domain": "test.example.com",
    "wildcard": true,
    "cert_dir": "/etc/letsencrypt/live"
}

Full (production + NPM)

{
    "regru_username": "myuser",
    "regru_password": "mypassword",
    "domain": "example.com",
    "wildcard": true,
    "email": "admin@example.com",
    "renewal_days": 30,
    "npm_enabled": true,
    "npm_host": "https://npm.example.com",
    "npm_email": "admin@example.com",
    "npm_password": "npm_password"
}

🔄 Workflow

Development → Production

# 1. Development (test certificates)
sudo make test-cert              # Create test
# Test application...

# 2. Production (Let's Encrypt)
sudo rm -rf /etc/letsencrypt/live/example.com/  # Remove test
sudo make obtain                 # Create production

📁 Important Paths

# Configuration
/etc/letsencrypt/regru_config.json

# Certificates
/etc/letsencrypt/live/example.com/
├── privkey.pem      # Private key
├── cert.pem         # Certificate
├── fullchain.pem    # Full chain (for nginx)
└── chain.pem        # CA chain

# Scripts
/opt/letsencrypt-regru/letsencrypt_regru_api.py

# Logs
/var/log/letsencrypt_regru.log

🔍 Verification

# Check configuration
sudo make check-config

# Check certificate
openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -text -noout

# Check expiration date
openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -noout -dates

# Check systemd
sudo systemctl status letsencrypt-regru.timer
sudo systemctl list-timers letsencrypt-regru.timer

# Check cron
sudo crontab -l | grep letsencrypt

🐛 Debugging

# Detailed logs
sudo make logs

# Test run with details
sudo python3 /opt/letsencrypt-regru/letsencrypt_regru_api.py \
    -c /etc/letsencrypt/regru_config.json --check -v

# Certbot logs
sudo tail -f /var/log/letsencrypt/letsencrypt.log

# Systemd logs
sudo journalctl -u letsencrypt-regru.service -f

⚠️ Common Errors

Let's Encrypt: Rate limit exceeded

# SOLUTION: Use test certificates
sudo make test-cert

NPM: Certificate not found

# SOLUTION: Check NPM settings
sudo make check-config

# Check connection
curl -k https://npm.example.com

Permission denied

# SOLUTION: Run with sudo
sudo make test-cert

🎯 Use Case Scenarios

Local Development

sudo make test-cert
# Open https://localhost (ignore warning)

CI/CD Testing

# In pipeline
sudo make test-cert
# Run tests...
sudo make status

Staging Environment

sudo make test-cert  # Or
sudo make obtain     # If domain available

Production Environment

sudo make install
sudo make obtain
# Automatic renewal via cron/systemd

📚 Documentation

README.md - Complete guide (1420+ lines)
TESTING_GUIDE.md - Testing guide (370+ lines)
PROJECT_STRUCTURE.md - Project structure
CHEATSHEET.md - This cheatsheet

🆘 Quick Help

# Show all commands
make help

# Check installation
sudo make status

# Complete reinstall
sudo make uninstall
sudo make install

💡 Tips

Always start with test certificates - avoid limits
Check configuration - make check-config
Monitor logs - make logs
Automate - systemd/cron already configured
Keep backups of configuration

Version: 2.1
Updated: 27.10.2025

5.6 KiB Raw Blame History

⚡ SSL Certificate Cheatsheet

🚀 Quick Start

Installation in 3 Commands

🧪 Testing (NO Let's Encrypt Limits)

🔒 Production (Let's Encrypt)

📋 Main Commands

letsencrypt-regru Commands

Makefile Commands

letsencrypt_regru.sh Commands

📝 Configuration

Minimal (testing)

Full (production + NPM)

🔄 Workflow

Development → Production

📁 Important Paths

🔍 Verification

🐛 Debugging

⚠️ Common Errors

Let's Encrypt: Rate limit exceeded

NPM: Certificate not found

Permission denied

🎯 Use Case Scenarios

Local Development

CI/CD Testing

Staging Environment

Production Environment

📚 Documentation

🆘 Quick Help

💡 Tips

5.6 KiB

Raw Blame History