Letsencrypt/certbot/renew/for-pound

Letsencrypt/certbot/for-poundについて、ここに記述してください。

https://community.letsencrypt.org/t/generating-certificates-for-use-in-pound/44091/3

If that document from another CA is still correct,

it needs to “cat privkey.pem fullchain.pem >/somewhere/pound-cert.pem”.

--deploy-hook

Note 2: If you are using certbot 0.19.0 instead of using --deploy-hook you could put your script on dir /etc/letsencrypt/renewal-hooks/deploy/

Create script combine-certs-for-pound.sh (variable $RENEWED_LINEAGE is passed by certbot to the script):

privkey="$RENEWED_LINEAGE/privkey.pem"
fullchain="$RENEWED_LINEAGE/fullchain.pem"
combined="$RENEWED_LINEAGE/combined-for-pound.pem"

cat "$privkey" "$fullchain" > "$combined"
chmod 400 $combined

1. pound restart 要?

# renew certificate
/root/tools/certbot/certbot-auto renew

# merge private key with certificate
# to make it readable by Pound

cp /etc/letsencrypt/live/mywebsite.com/privkey.pem /etc/letsencrypt/live/mywebsite.com/mywebsite.pem

cat /etc/letsencrypt/live/mywebsite.com/cert.pem >> /etc/letsencrypt/live/mywebsite.com/mywebsite.pem

# restart Pound
/etc/init.d/pound restart