4.6 KiB
4.6 KiB
⚡ SSL Certificate Cheatsheet
🚀 Quick Start
Installation in 3 Commands
sudo make install
sudo nano /etc/letsencrypt/regru_config.json # Fill in data
sudo make test-cert # Test
🧪 Testing (NO Let's Encrypt Limits)
# Create test certificate (unlimited)
sudo make test-cert
# Check status
sudo make status
# View logs
sudo make logs
When to use:
- ⚠️ Let's Encrypt: max 5 certificates/week
- ✅ Test: UNLIMITED
- ⚡ Creation: 1-2 seconds vs 2-5 minutes
🔒 Production (Let's Encrypt)
# Get real certificate
sudo make obtain
# Automatic mode (check + renewal)
sudo make run
# Force renewal
sudo make renew
📋 Main Commands
| Command | Description | Limits |
|---|---|---|
make test-cert |
Test certificate | ✅ None |
make obtain |
New Let's Encrypt | ⚠️ 5/week |
make renew |
Renew existing | ⚠️ 5/week |
make run |
Auto mode | ⚠️ 5/week |
make status |
System status | - |
make logs |
Show logs | - |
make check-config |
Check configuration | - |
📝 Configuration
Minimal (testing)
{
"domain": "test.example.com",
"wildcard": true,
"cert_dir": "/etc/letsencrypt/live"
}
Full (production + NPM)
{
"regru_username": "myuser",
"regru_password": "mypassword",
"domain": "example.com",
"wildcard": true,
"email": "admin@example.com",
"renewal_days": 30,
"npm_enabled": true,
"npm_host": "https://npm.example.com",
"npm_email": "admin@example.com",
"npm_password": "npm_password"
}
🔄 Workflow
Development → Production
# 1. Development (test certificates)
sudo make test-cert # Create test
# Test application...
# 2. Production (Let's Encrypt)
sudo rm -rf /etc/letsencrypt/live/example.com/ # Remove test
sudo make obtain # Create production
📁 Important Paths
# Configuration
/etc/letsencrypt/regru_config.json
# Certificates
/etc/letsencrypt/live/example.com/
├── privkey.pem # Private key
├── cert.pem # Certificate
├── fullchain.pem # Full chain (for nginx)
└── chain.pem # CA chain
# Scripts
/opt/letsencrypt-regru/letsencrypt_regru_api.py
# Logs
/var/log/letsencrypt_regru.log
🔍 Verification
# Check configuration
sudo make check-config
# Check certificate
openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -text -noout
# Check expiration date
openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -noout -dates
# Check systemd
sudo systemctl status letsencrypt-regru.timer
sudo systemctl list-timers letsencrypt-regru.timer
# Check cron
sudo crontab -l | grep letsencrypt
🐛 Debugging
# Detailed logs
sudo make logs
# Test run with details
sudo python3 /opt/letsencrypt-regru/letsencrypt_regru_api.py \
-c /etc/letsencrypt/regru_config.json --check -v
# Certbot logs
sudo tail -f /var/log/letsencrypt/letsencrypt.log
# Systemd logs
sudo journalctl -u letsencrypt-regru.service -f
⚠️ Common Errors
Let's Encrypt: Rate limit exceeded
# SOLUTION: Use test certificates
sudo make test-cert
NPM: Certificate not found
# SOLUTION: Check NPM settings
sudo make check-config
# Check connection
curl -k https://npm.example.com
Permission denied
# SOLUTION: Run with sudo
sudo make test-cert
🎯 Use Case Scenarios
Local Development
sudo make test-cert
# Open https://localhost (ignore warning)
CI/CD Testing
# In pipeline
sudo make test-cert
# Run tests...
sudo make status
Staging Environment
sudo make test-cert # Or
sudo make obtain # If domain available
Production Environment
sudo make install
sudo make obtain
# Automatic renewal via cron/systemd
📚 Documentation
- README.md - Complete guide (1420+ lines)
- TESTING_GUIDE.md - Testing guide (370+ lines)
- PROJECT_STRUCTURE.md - Project structure
- CHEATSHEET.md - This cheatsheet
🆘 Quick Help
# Show all commands
make help
# Check installation
sudo make status
# Complete reinstall
sudo make uninstall
sudo make install
💡 Tips
- Always start with test certificates - avoid limits
- Check configuration -
make check-config - Monitor logs -
make logs - Automate - systemd/cron already configured
- Keep backups of configuration
Version: 2.1
Updated: 27.10.2025