Nginx Unit plugin for Certbot
Project description
Certbot NGINX Unit plugin
This is a certbot plugin for using certbot in combination with NGINX Unit https://unit.nginx.org/
Requirement
The command unitc should be installed and executable.
Current Features
- Supports NGINX Unit/1.31*
- Supports cerbot 1.21+
- install certificates
- automatic renewal certificates
Installation
-
Via Snap (requires certbot to be installed via snap):
install snapd
install certbot
snap install --classic certbotinstall and configure this plugin
sudo snap install certbot-nginx-unit sudo snap set certbot trust-plugin-with-root=ok sudo snap connect certbot:plugin certbot-nginx-unit -
Via Pip
pip install certbot certbot-nginx-unit -
Via Pip virtual env
Create a virtual environment, to avoid conflicts
python3 -m venv /some/pathuse the pip in the virtual environment to install or update
/some/path/bin/pip install -U certbot certbot-nginx-unituse the cerbot from the virtualenv, to avoid accidentally using one from a different environment that does not have this library
/some/path/bin/certbotor uninstall other certbot system installation and link it to /usr/bin
ln -s /some/path/bin/certbot /usr/bin
Usage
Configure the unit listener with *:80 or *:443
# unitc /config
{
"listeners": {
"*:80": {
"pass": "routes"
}
"routes": [
{
"action": {
"share": "/srv/www/unit/index.html"
}
}
]
}
}
Now, generate and automatically install the certificate with
# certbot --configurator nginx-unit -d www.myapp.com
The result is a certificate created and installed.
# unitc /certificates
{
"www.myapp.com_20240202145800": {
"key": "RSA (2048 bits)",
"chain": [
{
<omissis>
}
]
}
}
and the configuration updated
# unitc /config
{
"listeners": {
"*:80": {
"pass": "routes"
},
"*:443": {
"pass": "routes",
"tls": {
"certificate": [
"www.myapp.com_20240202145800"
]
}
}
},
"routes": [
{
"match": {
"uri": "/.well-known/acme-challenge/*"
},
"action": {
"share": "/srv/www/unit/$uri"
}
},
{
"action": {
"share": "/srv/www/unit/index.html"
}
}
]
}
Auto-renew certificates
Certbot installs a timer on the system to renew certificates one month before the certificate expiration date.
Multiple domains/applications
You can run the certbot command for each domain
# certbot --configurator nginx-unit -d www.myapp1.com
# certbot --configurator nginx-unit -d www.myapp2.com
# unitc '/config/listeners/*:443'
{
"pass": "routes",
"tls": {
"certificate": [
"www.myapp1.com_20240202145800"
"www.myapp2.com_20240202145800"
]
}
}
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file certbot_nginx_unit-1.0.10.tar.gz.
File metadata
- Download URL: certbot_nginx_unit-1.0.10.tar.gz
- Upload date:
- Size: 21.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.0.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 28348f2ed9db6a4f27461d6557b53d8163a983c1d6657a6ca48f8e6d5a2990b6 |
|
| MD5 | affb3596546a95a95cc599f67cd9506e |
|
| BLAKE2b-256 | 1bea07c2836efff5c2e3e6f381e6d9ea4067061aa391041aceb57f35e2d660a3 |
File details
Details for the file certbot_nginx_unit-1.0.10-py3-none-any.whl.
File metadata
- Download URL: certbot_nginx_unit-1.0.10-py3-none-any.whl
- Upload date:
- Size: 12.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.0.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 24fa4734359c13a24d90f449cd7c852b643a47cf8cd20309dbe5b2bcfdfa2cbe |
|
| MD5 | c2705d21b9ef5b4d3fee97de33dc5527 |
|
| BLAKE2b-256 | e07f8bb52027dc12bc63bae6d7fbf0ed024a7e8ed46c098338cb7a20d2cf33d9 |
