Add README.md

2026-02-14 11:06:40 +00:00 · 2026-02-14 11:06:40 +00:00 · e167415d1c
commit e167415d1c
parent 82a560aa07
1 changed files with 49 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,49 @@
+Save script:
+
+`vim /etc/letsencrypt/renewal-hooks/deploy/sync-to-passive.sh`
+
+Make executable:
+
+`chmod +x /etc/letsencrypt/renewal-hooks/deploy/sync-to-passive.sh`
+
+Add the user:
+
+`useradd -r -s /bin/bash -m certbot`
+
+
+Configure SSH Key auth:
+
+```
+ssh-keygen -t ed25519 -f /root/.ssh/id_ed25519_certbot -N ""
+ssh-copy-id -i /root/.ssh/id_ed25519_certbot certbot@tywaf12.firstderivatives.com
+```
+
+Create logdir:
+
+```
+mkdir -p /var/log/letsencrypt
+touch /var/log/letsencrypt/sync.log
+```
+
+Put in place the sudo rules:
+```
+vim  /etc/sudoers.d/certbot
+
+
+# Allow certbot user to sync certificates and reload web server without password
+certbot ALL=(ALL) NOPASSWD: /usr/bin/rsync
+certbot ALL=(ALL) NOPASSWD: /bin/systemctl reload nginx
+
+```
+
+Add ssh config for the Primary:
+
+```
+   tee -a /root/.ssh/config << EOF
+   Host passive-certbot
+       HostName tywaf12.firstderivatives.com
+       User certbot
+       IdentityFile /root/.ssh/id_ed25519_certbot
+   EOF
+
+```