Openvas Webinterface Letsencrypt: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(9 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
Zeile 2: | Zeile 2: | ||
*apt-get install certbot | *apt-get install certbot | ||
*systemctl stop greenbone-security-assistant | *systemctl stop greenbone-security-assistant | ||
− | = | + | =Get Certificate= |
*certbot certonly --standalone -d cain.txxn.de | *certbot certonly --standalone -d cain.txxn.de | ||
+ | |||
+ | =Konfiguration= | ||
+ | *vi /etc/systemd/system/greenbone-security-assistant.service | ||
+ | <pre> | ||
+ | [Unit] | ||
+ | Description=Greenbone Security Assistant | ||
+ | Documentation=man:gsad(8) http://www.openvas.org/ | ||
+ | Wants=openvas-manager.service | ||
+ | |||
+ | [Service] | ||
+ | Type=simple | ||
+ | PIDFile=/var/run/gsad.pid | ||
+ | ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --ssl-private-key=/etc/letsencrypt/live/cain.tuxmen.de/privkey.pem --ssl-certificate=/etc/letsencrypt/live/cain.tuxmen.de/cert.pem --allow-header-host "cain.tuxmen.de" | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | </pre> | ||
+ | |||
+ | =Renew Script= | ||
+ | *cat /usr/local/sbin/cert-renew | ||
+ | #!/bin/bash | ||
+ | SERVICES="greenbone-security-assistant" | ||
+ | for SERVICE in $SERVICES | ||
+ | do | ||
+ | systemctl $1 $SERVICE | ||
+ | done | ||
+ | *chmod a+x /usr/local/sbin/cert-renew | ||
+ | =Cronjob= | ||
+ | *crontab -e | ||
+ | 5 0 * * * /usr/bin/certbot renew --quiet --pre-hook "/usr/local/sbin/cert-renew stop" --post-hook "/usr/local/sbin/cert-renew start" | ||
+ | =Start greenbone-security-assistant= | ||
+ | *systemctl start greenbone-security-assistant |
Aktuelle Version vom 15. Januar 2020, 11:49 Uhr
Install
- apt-get install certbot
- systemctl stop greenbone-security-assistant
Get Certificate
- certbot certonly --standalone -d cain.txxn.de
Konfiguration
- vi /etc/systemd/system/greenbone-security-assistant.service
[Unit] Description=Greenbone Security Assistant Documentation=man:gsad(8) http://www.openvas.org/ Wants=openvas-manager.service [Service] Type=simple PIDFile=/var/run/gsad.pid ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --ssl-private-key=/etc/letsencrypt/live/cain.tuxmen.de/privkey.pem --ssl-certificate=/etc/letsencrypt/live/cain.tuxmen.de/cert.pem --allow-header-host "cain.tuxmen.de" [Install] WantedBy=multi-user.target
Renew Script
- cat /usr/local/sbin/cert-renew
#!/bin/bash SERVICES="greenbone-security-assistant" for SERVICE in $SERVICES do systemctl $1 $SERVICE done
- chmod a+x /usr/local/sbin/cert-renew
Cronjob
- crontab -e
5 0 * * * /usr/bin/certbot renew --quiet --pre-hook "/usr/local/sbin/cert-renew stop" --post-hook "/usr/local/sbin/cert-renew start"
Start greenbone-security-assistant
- systemctl start greenbone-security-assistant