Cockpit with LetsEncrypt
Deploy Cockpit with a LetsEncrypt certificate without a web server. Cockpit runs as a daemon started by systemd.
For the configuration with Apache, follow this guide: Proxying Cockpit over Apache with LetsEncrypt
Docs: https://certbot.eff.org/lets-encrypt/debianbuster-other
Install certbot:
sudo apt-get install certbot
Get the certificate, replacing the e-mail address and domain with yours:
sudo certbot certonly --standalone --agree-tos --email YOUR-EMAIL-ADDRESS -d COCKPIT.YOUR-DOMAIN.COM
You don't need a cron job anymore. The certbot package takes care of it for you.
Create this script somewhere and replace the domain with yours: update-cockpit-cert-from-letsencrypt.sh
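#!/bin/sh
# Run as root. Replace the domain with yours.
DOMAIN=COCKPIT.YOUR-DOMAIN.COM
echo "Create /etc/systemd/system/cockpit.socket.d/listen.conf to run it as a daemon on port 443"
# The drop-in directory may not exist yet; without it the redirect below fails.
mkdir -p /etc/systemd/system/cockpit.socket.d
# The empty ListenStream= clears the existing listeners before adding 9090 and 443.
cat <<EOF > /etc/systemd/system/cockpit.socket.d/listen.conf
[Socket]
ListenStream=
ListenStream=9090
ListenStream=443
EOF
echo "Create cert for cockpit"
# Merged file: certificate chain followed by the private key.
# It holds the private key, so check that its mode does not leave it world-readable.
cat "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" > /etc/cockpit/ws-certs.d/1-my-cert.cert
cat "/etc/letsencrypt/live/$DOMAIN/privkey.pem" >> /etc/cockpit/ws-certs.d/1-my-cert.cert
echo "Restart Daemon:"
echo "systemctl daemon-reload && systemctl restart cockpit.socket"
systemctl daemon-reload && systemctl restart cockpit.socket
echo "Check Cockpit https://$DOMAIN/"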
You need to run this script as a cron job. I'm not sure what the best method is.
It would be great if you could define in the configuration to use the domain with the form from LetsEncrypt. Maybe an empty file like "/etc/cockpit/ws-certs.d/letsencrypt-COCKPIT.YOUR-DOMAIN.COM" or similar, so that it is not necessary to define a cron job to update the configuration.
Maybe replace the self-signed certificate with this solution as the default.
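One way to avoid a separate cron job for the copy step, as an added example that is not part of the original page or the Cockpit project: certbot runs executable scripts in /etc/letsencrypt/renewal-hooks/deploy/ after each successful renewal and exports RENEWED_LINEAGE to them. The helper name build_merged_cert, the hook file name and the default file mode are assumptions; choose a mode and group that let your Cockpit service read the file.

```shell
#!/bin/sh
# Added example (not from the original page): certbot deploy hook.
# certbot runs deploy hooks only after a successful renewal and exports
# RENEWED_LINEAGE (for example /etc/letsencrypt/live/<domain>).
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/cockpit.sh

# Hypothetical helper: build the merged cert+key file that Cockpit reads.
# $1 = lineage directory, $2 = destination file, $3 = file mode (assumed 0640)
build_merged_cert() {
    lineage=$1 dest=$2 mode=${3:-0640}
    # Refuse to publish a half-built file if either input is missing or empty.
    [ -s "$lineage/fullchain.pem" ] || { echo "missing fullchain.pem" >&2; return 1; }
    [ -s "$lineage/privkey.pem" ]   || { echo "missing privkey.pem" >&2; return 1; }
    # Build next to the destination so the final mv is an atomic rename.
    # mktemp creates the file with mode 0600, so the private key is never
    # world-readable while it is being written.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$tmp" \
        && chmod "$mode" "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Main: only act when certbot invoked us for a renewed certificate.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    DOMAIN=COCKPIT.YOUR-DOMAIN.COM
    # Renewals of other certificates on this host also trigger the hook; skip them.
    if [ "$(basename "$RENEWED_LINEAGE")" = "$DOMAIN" ]; then
        build_merged_cert "$RENEWED_LINEAGE" /etc/cockpit/ws-certs.d/1-my-cert.cert \
            && systemctl restart cockpit.socket
    fi
fi
```

The listen.conf drop-in from the script above only needs to be created once, so it is left out of the hook.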