Openvas Webinterface Letsencrypt: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| (9 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 2: | Zeile 2: | ||
*apt-get install certbot | *apt-get install certbot | ||
*systemctl stop greenbone-security-assistant | *systemctl stop greenbone-security-assistant | ||
| − | = | + | =Get Certificate= |
*certbot certonly --standalone -d cain.txxn.de | *certbot certonly --standalone -d cain.txxn.de | ||
| + | |||
| + | =Konfiguration= | ||
| + | *vi /etc/systemd/system/greenbone-security-assistant.service | ||
| + | <pre> | ||
| + | [Unit] | ||
| + | Description=Greenbone Security Assistant | ||
| + | Documentation=man:gsad(8) http://www.openvas.org/ | ||
| + | Wants=openvas-manager.service | ||
| + | |||
| + | [Service] | ||
| + | Type=simple | ||
| + | PIDFile=/var/run/gsad.pid | ||
| + | ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --ssl-private-key=/etc/letsencrypt/live/cain.tuxmen.de/privkey.pem --ssl-certificate=/etc/letsencrypt/live/cain.tuxmen.de/cert.pem --allow-header-host "cain.tuxmen.de" | ||
| + | |||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| + | </pre> | ||
| + | |||
| + | =Renew Script= | ||
| + | *cat /usr/local/sbin/cert-renew | ||
| + | #!/bin/bash | ||
| + | SERVICES="greenbone-security-assistant" | ||
| + | for SERVICE in $SERVICES | ||
| + | do | ||
| + | systemctl $1 $SERVICE | ||
| + | done | ||
| + | *chmod a+x /usr/local/sbin/cert-renew | ||
| + | =Cronjob= | ||
| + | *crontab -e | ||
| + | 5 0 * * * /usr/bin/certbot renew --quiet --pre-hook "/usr/local/sbin/cert-renew stop" --post-hook "/usr/local/sbin/cert-renew start" | ||
| + | =Start greenbone-security-assistant= | ||
| + | *systemctl start greenbone-security-assistant | ||
Aktuelle Version vom 15. Januar 2020, 11:49 Uhr
Install
- apt-get install certbot
- systemctl stop greenbone-security-assistant
Get Certificate
- certbot certonly --standalone -d cain.txxn.de
Konfiguration
- vi /etc/systemd/system/greenbone-security-assistant.service
[Unit] Description=Greenbone Security Assistant Documentation=man:gsad(8) http://www.openvas.org/ Wants=openvas-manager.service [Service] Type=simple PIDFile=/var/run/gsad.pid ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --ssl-private-key=/etc/letsencrypt/live/cain.tuxmen.de/privkey.pem --ssl-certificate=/etc/letsencrypt/live/cain.tuxmen.de/cert.pem --allow-header-host "cain.tuxmen.de" [Install] WantedBy=multi-user.target
Renew Script
- cat /usr/local/sbin/cert-renew
#!/bin/bash SERVICES="greenbone-security-assistant" for SERVICE in $SERVICES do systemctl $1 $SERVICE done
- chmod a+x /usr/local/sbin/cert-renew
Cronjob
- crontab -e
5 0 * * * /usr/bin/certbot renew --quiet --pre-hook "/usr/local/sbin/cert-renew stop" --post-hook "/usr/local/sbin/cert-renew start"
Start greenbone-security-assistant
- systemctl start greenbone-security-assistant