Nginx Unit plugin for Certbot
Project description
Certbot NGINX Unit plugin
This is a certbot plugin for using certbot in combination with NGINX Unit https://unit.nginx.org/
Requirement
The command unitc should be installed and executable.
Current Features
- Supports NGINX Unit/1.31*
- Supports cerbot 1.21+
- install certificates
- automatic renewal certificates
Installation
-
Via Snap (requires certbot to be installed via snap):
install snapd
install certbot
snap install --classic certbotinstall and configure this plugin
sudo snap install certbot-nginx-unit sudo snap set certbot trust-plugin-with-root=ok sudo snap connect certbot:plugin certbot-nginx-unit -
Via Pip
pip install certbot certbot-nginx-unit -
Via Pip virtual env
Create a virtual environment, to avoid conflicts
python3 -m venv /some/pathuse the pip in the virtual environment to install or update
/some/path/bin/pip install -U certbot certbot-nginx-unituse the cerbot from the virtualenv, to avoid accidentally using one from a different environment that does not have this library
/some/path/bin/certbotor uninstall other certbot system installation and link it to /usr/bin
ln -s /some/path/bin/certbot /usr/bin
Usage
Configure the unit listener with *:80 or *:443
# unitc /config
{
"listeners": {
"*:80": {
"pass": "routes"
}
"routes": [
{
"action": {
"share": "/srv/www/unit/index.html"
}
}
]
}
}
Now, generate and automatically install the certificate with
# certbot --configurator nginx-unit -d www.myapp.com
The result is a certificate created and installed.
# unitc /certificates
{
"www.myapp.com_20240202145800": {
"key": "RSA (2048 bits)",
"chain": [
{
<omissis>
}
]
}
}
and the configuration updated
# unitc /config
{
"listeners": {
"*:80": {
"pass": "routes"
},
"*:443": {
"pass": "routes",
"tls": {
"certificate": [
"www.myapp.com_20240202145800"
]
}
}
},
"routes": [
{
"match": {
"uri": "/.well-known/acme-challenge/*"
},
"action": {
"share": "/srv/www/unit/$uri"
}
},
{
"action": {
"share": "/srv/www/unit/index.html"
}
}
]
}
Auto-renew certificates
Certbot installs a timer on the system to renew certificates one month before the certificate expiration date.
Multiple domains/applications
You can run the certbot command for each domain
# certbot --configurator nginx-unit -d www.myapp1.com
# certbot --configurator nginx-unit -d www.myapp2.com
# unitc '/config/listeners/*:443'
{
"pass": "routes",
"tls": {
"certificate": [
"www.myapp1.com_20240202145800"
"www.myapp2.com_20240202145800"
]
}
}
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for certbot_nginx_unit-1.0.10.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 28348f2ed9db6a4f27461d6557b53d8163a983c1d6657a6ca48f8e6d5a2990b6 |
|
| MD5 | affb3596546a95a95cc599f67cd9506e |
|
| BLAKE2b-256 | 1bea07c2836efff5c2e3e6f381e6d9ea4067061aa391041aceb57f35e2d660a3 |
Hashes for certbot_nginx_unit-1.0.10-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 24fa4734359c13a24d90f449cd7c852b643a47cf8cd20309dbe5b2bcfdfa2cbe |
|
| MD5 | c2705d21b9ef5b4d3fee97de33dc5527 |
|
| BLAKE2b-256 | e07f8bb52027dc12bc63bae6d7fbf0ed024a7e8ed46c098338cb7a20d2cf33d9 |
