Nginx Unit plugin for Certbot
Project description
Certbot NGINX Unit plugin
This is a certbot plugin for using certbot in combination with NGINX Unit https://unit.nginx.org/
Requirement
The command unitc
should be installed and executable.
Current Features
- Supports NGINX Unit/1.31*
- Supports cerbot 1.21+
- install certificates
- automatic renewal certificates
Installation
-
Via Snap (requires certbot to be installed via snap):
WIP
-
Via Pip
pip install certbot-nginx-unit
-
Via Pip virtual env
Create a virtual environment, to avoid conflicts
python3 -m venv /some/path
use the pip in the virtual environment to install or update
/some/path/bin/pip install -U certbot-nginx-unit
use the cerbot from the virtualenv, to avoid accidentally using one from a different environment that does not have this library
/some/path/bin/certbot
or uninstall other certbot system installation and link it to /usr/bin
ln -s /some/path/bin/certbot /usr/bin
Usage
Configure the unit listener with *:80
or *:443
# unitc /config
{
"listeners": {
"*:80": {
"pass": "routes"
}
"routes": [
{
"action": {
"share": "/srv/www/unit/index.html"
}
}
]
}
}
Now, generate and automatically install the certificate with
# certbot --configurator nginx_unit -d www.myapp.com
The result is a certificate created and installed.
# unitc /certificates
{
"www.myapp.com_20240202145800": {
"key": "RSA (2048 bits)",
"chain": [
{
<omissis>
}
]
}
}
and the configuration updated
# unitc /config
{
"listeners": {
"*:80": {
"pass": "routes"
},
"*:443": {
"pass": "routes",
"tls": {
"certificate": [
"www.myapp.com_20240202145800"
]
}
}
},
"routes": [
{
"match": {
"uri": "/.well-known/acme-challenge/*"
},
"action": {
"share": "/srv/www/unit/$uri"
}
},
{
"action": {
"share": "/srv/www/unit/index.html"
}
}
]
}
Auto-renew certificates
Certbot installs a timer on the system to renew certificates one month before the certificate expiration date.
Multiple domains/applications
You can run the certbot command for each domain
# certbot --configurator nginx_unit -d www.myapp1.com
# certbot --configurator nginx_unit -d www.myapp2.com
# unitc '/config/listeners/*:443'
{
"pass": "routes",
"tls": {
"certificate": [
"www.myapp1.com_20240202145800"
"www.myapp2.com_20240202145800"
]
}
}
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for certbot_nginx_unit-1.0.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 246020f400ede4a4d139e7c67cbe2500adf1da1131b773b223372039c3d3e86e |
|
MD5 | eed488b1f27afa28fcf654f9ca0d0d87 |
|
BLAKE2b-256 | 0973e9a96a6859c14a9d3779e394ed9759c1918f12f52d1c62d7e221aea4671d |