Nginx Unit plugin for Certbot

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for kea from gravatar.com kea

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License Copyright (c) 2024 Manuel Baldassarri Permission is hereby granted, free of charge, to...)
  • Author: Manuel Baldassarri
Classifiers

Project description

Certbot NGINX Unit plugin

This is a certbot plugin for using certbot in combination with NGINX Unit https://unit.nginx.org/

Requirement

The command unitc should be installed and executable.

Current Features

  • Supports NGINX Unit/1.31*
  • Supports cerbot 2.12+ / 3+
  • install certificates
  • automatic renewal certificates

Installation

  • Via Snap (requires certbot to be installed via snap):

    install snapd

    install certbot

    snap install --classic certbot

    install and configure this plugin

    sudo snap install certbot-nginx-unit 
sudo snap set certbot trust-plugin-with-root=ok
sudo snap connect certbot:plugin certbot-nginx-unit

  • Via Pip

    pip install certbot certbot-nginx-unit

  • Via Pip virtual env

    Create a virtual environment, to avoid conflicts

    python3 -m venv /some/path

    use the pip in the virtual environment to install or update

    /some/path/bin/pip install -U certbot certbot-nginx-unit

    use the cerbot from the virtualenv, to avoid accidentally using one from a different environment that does not have this library

    /some/path/bin/certbot

    or uninstall other certbot system installation and link it to /usr/bin

    ln -s /some/path/bin/certbot /usr/bin

Usage

Configure the unit listener with *:80 or *:443

# unitc /config

{
    "listeners": {
        "*:80": {
            "pass": "routes"
        }
        "routes": [
            {
                "action": {
                    "share": "/srv/www/unit/index.html"
                }
            }
        ]
    }
}

Now, generate and automatically install the certificate with

# certbot --configurator nginx-unit -d www.myapp.com

The result is a certificate created and installed.

# unitc /certificates

{
	"www.myapp.com_20240202145800": {
		"key": "RSA (2048 bits)",
		"chain": [
			{
				<omissis>
			}
		]
	}
}

and the configuration updated

# unitc /config

{
	"listeners": {
		"*:80": {
			"pass": "routes"
		},

		"*:443": {
			"pass": "routes",
			"tls": {
				"certificate": [
					"www.myapp.com_20240202145800"
				]
			}
		}
	},

	"routes": [
		{
			"match": {
				"uri": "/.well-known/acme-challenge/*"
			},

			"action": {
				"share": "/srv/www/unit/$uri"
			}
		},
		{
			"action": {
				"share": "/srv/www/unit/index.html"
			}
		}
	]
}

Auto-renew certificates

Certbot installs a timer on the system to renew certificates one month before the certificate expiration date.

Multiple domains/applications

You can run the certbot command for each domain

# certbot --configurator nginx-unit -d www.myapp1.com
# certbot --configurator nginx-unit -d www.myapp2.com
# unitc '/config/listeners/*:443' 

{
    "pass": "routes",
    "tls": {
        "certificate": [
            "www.myapp1.com_20240202145800"
            "www.myapp2.com_20240202145800"
        ]
    }
}

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for kea from gravatar.com kea

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License Copyright (c) 2024 Manuel Baldassarri Permission is hereby granted, free of charge, to...)
  • Author: Manuel Baldassarri
Classifiers

Release history Release notifications | RSS feed

This version

1.1.0

1.0.10

1.0.9

1.0.8

1.0.7

1.0.6

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certbot_nginx_unit-1.1.0.tar.gz (21.8 kB view details)

Uploaded Source

Built Distribution

certbot_nginx_unit-1.1.0-py3-none-any.whl (12.3 kB view details)

Uploaded Python 3

File details

Details for the file certbot_nginx_unit-1.1.0.tar.gz.

File metadata

  • Download URL: certbot_nginx_unit-1.1.0.tar.gz
  • Upload date:
  • Size: 21.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.0.1 CPython/3.12.8

File hashes

Hashes for certbot_nginx_unit-1.1.0.tar.gz
Algorithm Hash digest
SHA256 436370bd67269c76148c512e63abad8d7ea181e7c9a63684d91a9f48173dc44e
MD5 fcfbf6c7b30a2f0d8c0e1496bfcda42f
BLAKE2b-256 8d111569160a1f4a59969983cc5ce9987d29db2ef1d9c7c73a7092955caf7210

See more details on using hashes here.

Provenance

The following attestation bundles were made for certbot_nginx_unit-1.1.0.tar.gz:

Publisher: publish-to-pypi.yml on kea/certbot-nginx-unit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file certbot_nginx_unit-1.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for certbot_nginx_unit-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 2ee2e267d5800bf150bf78fc17565c917ccd33a7ecfcd8968f99ef3983a0bf49
MD5 30922fc8b42bc9fc7ab9504b9556d29e
BLAKE2b-256 07d64c4319c0978a4a0dca76a6b6c4ad9c574407d2e1938cb0571b5ceca58bd8

See more details on using hashes here.

Provenance

The following attestation bundles were made for certbot_nginx_unit-1.1.0-py3-none-any.whl:

Publisher: publish-to-pypi.yml on kea/certbot-nginx-unit

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page