Openvas Webinterface Letsencrypt: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=Install= *sudo apt-get install certbot *“) |
|||
(10 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 1: | Zeile 1: | ||
=Install= | =Install= | ||
− | * | + | *apt-get install certbot |
− | * | + | *systemctl stop greenbone-security-assistant |
+ | =Get Certificate= | ||
+ | *certbot certonly --standalone -d cain.txxn.de | ||
+ | |||
+ | =Konfiguration= | ||
+ | *vi /etc/systemd/system/greenbone-security-assistant.service | ||
+ | <pre> | ||
+ | [Unit] | ||
+ | Description=Greenbone Security Assistant | ||
+ | Documentation=man:gsad(8) http://www.openvas.org/ | ||
+ | Wants=openvas-manager.service | ||
+ | |||
+ | [Service] | ||
+ | Type=simple | ||
+ | PIDFile=/var/run/gsad.pid | ||
+ | ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --ssl-private-key=/etc/letsencrypt/live/cain.tuxmen.de/privkey.pem --ssl-certificate=/etc/letsencrypt/live/cain.tuxmen.de/cert.pem --allow-header-host "cain.tuxmen.de" | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | </pre> | ||
+ | |||
+ | =Renew Script= | ||
+ | *cat /usr/local/sbin/cert-renew | ||
+ | #!/bin/bash | ||
+ | SERVICES="greenbone-security-assistant" | ||
+ | for SERVICE in $SERVICES | ||
+ | do | ||
+ | systemctl $1 $SERVICE | ||
+ | done | ||
+ | *chmod a+x /usr/local/sbin/cert-renew | ||
+ | =Cronjob= | ||
+ | *crontab -e | ||
+ | 5 0 * * * /usr/bin/certbot renew --quiet --pre-hook "/usr/local/sbin/cert-renew stop" --post-hook "/usr/local/sbin/cert-renew start" | ||
+ | =Start greenbone-security-assistant= | ||
+ | *systemctl start greenbone-security-assistant |
Aktuelle Version vom 15. Januar 2020, 11:49 Uhr
Install
- apt-get install certbot
- systemctl stop greenbone-security-assistant
Get Certificate
- certbot certonly --standalone -d cain.txxn.de
Konfiguration
- vi /etc/systemd/system/greenbone-security-assistant.service
[Unit] Description=Greenbone Security Assistant Documentation=man:gsad(8) http://www.openvas.org/ Wants=openvas-manager.service [Service] Type=simple PIDFile=/var/run/gsad.pid ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --ssl-private-key=/etc/letsencrypt/live/cain.tuxmen.de/privkey.pem --ssl-certificate=/etc/letsencrypt/live/cain.tuxmen.de/cert.pem --allow-header-host "cain.tuxmen.de" [Install] WantedBy=multi-user.target
Renew Script
- cat /usr/local/sbin/cert-renew
#!/bin/bash SERVICES="greenbone-security-assistant" for SERVICE in $SERVICES do systemctl $1 $SERVICE done
- chmod a+x /usr/local/sbin/cert-renew
Cronjob
- crontab -e
5 0 * * * /usr/bin/certbot renew --quiet --pre-hook "/usr/local/sbin/cert-renew stop" --post-hook "/usr/local/sbin/cert-renew start"
Start greenbone-security-assistant
- systemctl start greenbone-security-assistant