Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-08-07 14:02:28 -04:00
Code Issues Projects Releases Packages Wiki Activity

certbot: switch to --required-profile

Browse source
This commit is contained in:
Daniel Micay 2025-06-21 18:16:58 -04:00
parent 224bdfe93f
commit b1452518fc
13 changed files with 14 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

4
certbot/0.grapheneos.network
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name grapheneos.network \
-d grapheneos.network \
@ -21,7 +21,7 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
-d dl.vanadium.app
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type rsa --rsa-key-size 3072 --reuse-key --preferred-profile tlsserver \
--key-type rsa --rsa-key-size 3072 --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name supl.grapheneos.org \
-d supl.grapheneos.org

2
certbot/0.grapheneos.org
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name grapheneos.org \
-d grapheneos.org \

2
certbot/0.ns1.grapheneos.org
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload; rsync -rLvc --delete --chmod=D750,F640 --chown root:dnsdist /etc/letsencrypt/live/ /etc/letsencrypt/dnsdist/; dnsdist -c -e 'reloadAllCertificates()'" \
--cert-name ns1.grapheneos.org \
-d ns1.grapheneos.org \

2
certbot/0.ns2.grapheneos.org
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload; rsync -rLvc --delete --chmod=D750,F640 --chown root:dnsdist /etc/letsencrypt/live/ /etc/letsencrypt/dnsdist/; dnsdist -c -e 'reloadAllCertificates()'" \
--cert-name ns2.grapheneos.org \
-d ns2.grapheneos.org \

2
certbot/4.releases.grapheneos.org
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name releases.grapheneos.org \
-d releases.grapheneos.org \

2
certbot/attestation.app
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name attestation.app \
-d attestation.app \

2
certbot/discuss.grapheneos.org
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name discuss.grapheneos.org \
-d discuss.grapheneos.org

2
certbot/grapheneos.social
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name grapheneos.social \
-d grapheneos.social \

2
certbot/mail.grapheneos.org
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name mta-sts.mail.grapheneos.org \
-d mail.grapheneos.org \

2
certbot/matrix.grapheneos.org
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name matrix.grapheneos.org \
-d matrix.grapheneos.org \

2
certbot/ns1.staging.grapheneos.org
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload; rsync -rLvc --delete --chmod=D750,F640 --chown root:dnsdist /etc/letsencrypt/live/ /etc/letsencrypt/dnsdist/; dnsdist -c -e 'reloadAllCertificates()'" \
--cert-name ns1.staging.grapheneos.org \
-d ns1.staging.grapheneos.org \

2
certbot/staging.attestation.app
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name staging.attestation.app \
-d staging.attestation.app

2
certbot/staging.grapheneos.org
View file

@ -1,5 +1,5 @@
certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
--key-type ecdsa --reuse-key --preferred-profile tlsserver \
--key-type ecdsa --reuse-key --required-profile tlsserver \
--deploy-hook "nginx -s reload" \
--cert-name staging.grapheneos.org \
-d staging.grapheneos.org