I've got a parse-server up and running on digital ocean following this guide . When configuring mongo db for migration you execute this command:
sudo cat /etc/letsencrypt/archive/domain_name/{fullchain1.pem,privkey1.pem} | sudo tee /etc/ssl/mongo.pem
After that the tutorial says:
You will have to repeat the above command after renewing your Let's Encrypt certificate. If you configure auto-renewal of the Let's Encrypt certificate, remember to include this operation.
In order to do this I added a cronjob to my let's encrypt cronjobs like this:
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
33 2 * * 1 cat /etc/letsencrypt/archive/DOMAIN/{fullchain1.pem,privkey1.pem} | tee /etc/ssl/mongo.pem
35 2 * * 1 /etc/init.d/nginx reload
However after restarting the server on a monday, mongod wouldn't start because it couldn't find/read /etc/ssl/mongo.pem
.
How do I set this up correctly? Do I need to chown/chmod the file in another cronjob?
Thanks for your help!
I ran into a problem with the script above. Unfortunately let's encrypt doens't override fullchain and privkey but adds new versions when certificate is due to renew: fullchain2.pem
privkey2.pem
So I had to alter the script accordingly. I also put the renew and nginx part inside so we need only one cronjob:
#!/bin/bash
# stop nginx
/etc/init.d/nginx stop
# check for new cert
/opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
# combine latest letsencrypt files for mongo
# find latest fullchain*.pem
newestFull=$(ls -v /etc/letsencrypt/live/DOMAIN/fullchain*.pem | tail -n 1)
echo "$newestFull"
# find latest privkey*.pem
newestPriv=$(ls -v /etc/letsencrypt/live/DOMAIN/privkey*.pem | tail -n 1)
echo "$newestPriv"
# combine to mongo.pem
cat {$newestFull,$newestPriv} | tee /etc/ssl/mongo.pem
# set rights for mongo.pem
chmod 600 /etc/ssl/mongo.pem
chown mongodb:mongodb /etc/ssl/mongo.pem
# restart mongo
/sbin/restart mongod
# start nginx
/etc/init.d/nginx start
Ok, so here is what I ended up with. I wrote a little script:
#!/bin/bash
# combine letsencrypt files for mongo
cat /etc/letsencrypt/archive/DOMAIN/{fullchain1.pem,privkey1.pem} | tee /etc/ssl/mongo.pem
# set rights for mongo.pem
chmod 600 /etc/ssl/mongo.pem
chown mongodb:mongodb /etc/ssl/mongo.pem
# restart mongo
/sbin/restart mongod
and fire it with a cron job:
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
33 2 * * 1 cat /root/myScript
35 2 * * 1 /etc/init.d/nginx reload
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.