Auto Renewal with Nginx without downtime


#1

Greetings Letsencrypt community,

Firstly, I would like to commend all the developers and supporters of this project, well done guys!

Back to my concern: I already got my certificate for my domains, but I’m having a problem with the renewal process.

I am using standalone authentication, which requires taking down my running web server, which in my case is NGINX, and that will cause downtime for my websites…

Webroot authentication is the solution for no-downtime renewal of letsencrypt, but in my nginx configuration I haven’t placed a web root on my server. I’m using proxy pass, wherein the web files are coming from another server.

Any suggestions? Thanks and God bless :grin:


#2

I’m using something like this on a load balancer that sits in front of a couple of different backends (using proxy_pass):

location ~ /\.well-known {
    root /var/www/html/letsencrypt;
}

… then pass /var/www/html/letsencrypt to the client.


#3

Hi pfg,

May I know what the content of your /var/www/html/letsencrypt is? Have you transferred your default letsencrypt, which resides in /etc/letsencrypt?

And are you able to place your script in crontab for monthly renewal? Thanks :grin:


#4

/var/www/html/letsencrypt is the path I pass to the client with --webroot-path /var/www/html/letsencrypt. The client then creates the challenge files in that folder automatically.

Crontab works for me, my script looks like this:

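#!/bin/bash
# Renew the certificate with the webroot plugin; nginx keeps running throughout.
cd /root/letsencrypt
letsencrypt-auto certonly -a webroot --webroot-path /var/www/html/letsencrypt \
-d example.com -d www.example.com \
--server https://acme-v01.api.letsencrypt.org/directory \
--agree-tos --renew-by-default
# Reload nginx so it picks up the renewed certificate.
service nginx reload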
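
Added example, not part of the original thread: a complete proxy configuration in which nginx answers the ACME challenge from the local --webroot-path directory while everything else is still sent to the backends with proxy_pass. The upstream name and the backend address 192.0.2.10 are assumptions; the webroot path and domain names are the ones used in the posts above.

```nginx
# Constructed example: backend_pool and 192.0.2.10:8080 are placeholders.
upstream backend_pool {
    server 192.0.2.10:8080;
}

server {
    listen 80;
    server_name example.com www.example.com;

    # Challenge files are served locally from the directory passed to the
    # client as --webroot-path. "^~" makes this prefix take priority over
    # any regex location, and only acme-challenge/ is exposed, not every
    # URI that happens to contain ".well-known".
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html/letsencrypt;   # holds challenge files only,
                                          # never /etc/letsencrypt
        default_type text/plain;
        try_files $uri =404;
    }

    # All other plain-HTTP requests are redirected to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;

    # Certificate and key stay in /etc/letsencrypt, outside any web root.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # The site itself still comes from the backend servers.
    location / {
        proxy_pass http://backend_pool;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Running nginx -t before the reload in the cron script catches a broken configuration before it is applied.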

#5

Hi pfg,

OK, got it. I will try your suggestion. I guess your renewal process will also work on my side because we have the same setup: Loadbalancers > Backends.

By the way, I’m using CentOS 6.5 and nginx.

Thanks, I will update you once tested.


#6

Hi, I just updated my documentation using the webroot authentication with similar requirements to your setup.

It should also work using the proxy pass & standalone plugin.


#7

Hi all,

Thanks for the fast replies @mbrugger @pfg. I already tried your suggestion and it works for me. Take care guys!