I have been using a LetsEncrypt cert for my website for a number of years and have it set to auto renew using the cron job below. I want to enable HSTS now and was wondering if I simply add --hsts to the cronjob command or if there is any additional configuration that is required? How do I specify the timeframe also, i.e. 1 year? I have an Ubuntu 20.04 server running Apache.
0 0 1 */2 * certbot --force-renewal --quiet --agree-tos
Please don't ever use --force-renewal in a cron job!!! That's a very, VERY bad idea. Please remove it immediately! Why would you do that anyway?!?
To answer your HSTS question:
HSTS is just a header sent by the webserver, not a property of the certificate. You might be able to set this header (but I'm not sure) by using the install subcommand of Certbot in combination with the --hsts option. But I don't know how you got and installed the certificate in the first place, so I can't provide an exact command for you.
enhance verb can do this:
sudo certbot enhance --hsts --apache
Undocumented indeed. The --hsts option isn't mentioned in the enhance section, only in the security section, which isn't a subcommand to begin with. So I guessed install. I guess I guessed wrong.
Please improve the documentation.
This is a good place to get inspiration from, if you want to add an HSTS header to your website:
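Added example, not part of the original thread: since HSTS is a response header, the one-year question can be checked from outside by reading the Strict-Transport-Security header the server returns and comparing its max-age to 31536000 seconds. The function names, sample responses and the example.com host below are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the lifetime of the HSTS policy a server returns.
ONE_YEAR=31536000   # 365 days * 86400 seconds

# Read HTTP response headers on stdin and print the max-age (in seconds) of
# the first Strict-Transport-Security header. Returns 1 if none is usable.
hsts_max_age() {
    tr -d '\r' | awk '
        tolower($0) ~ /^strict-transport-security[ \t]*:/ {
            value = tolower(substr($0, index($0, ":") + 1))
            n = split(value, parts, ";")
            for (i = 1; i <= n; i++) {
                d = parts[i]
                gsub(/[ \t"]/, "", d)      # drop spaces and optional quotes
                if (d ~ /^max-age=[0-9]+$/) { print substr(d, 9); found = 1; break }
            }
            exit                           # only the first header counts
        }
        END { exit (found ? 0 : 1) }'
}

# Succeed only if the policy lasts at least $1 seconds (default: one year).
# max-age=0 tells browsers to drop the policy, so it fails this check too.
hsts_at_least() {
    min=${1:-$ONE_YEAR}
    age=$(hsts_max_age) || return 1
    [ "$age" -ge "$min" ]
}

# Constructed sample responses (not captured from a real server).
sample_year()    { printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=31536000\r\n\r\n'; }
sample_quoted()  { printf 'HTTP/1.1 200 OK\r\nstrict-transport-security: includeSubDomains; max-age="63072000"\r\n\r\n'; }
sample_short()   { printf 'HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=300\r\n\r\n'; }
sample_missing() { printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n'; }

for s in sample_year sample_quoted sample_short sample_missing; do
    if $s | hsts_at_least; then
        echo "$s: ok"
    else
        echo "$s: HSTS missing or shorter than one year"
    fi
done

# Live use (hypothetical host): curl -sI https://example.com/ | hsts_at_least
```

Run the live check against the HTTPS URL, because browsers ignore this header on plain HTTP responses.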