stop nginx and retrieve letsencrypt cert

This commit is contained in:
Praveen Arimbrathodiyil 2016-02-11 01:37:00 +05:30
parent 1babca66f4
commit b42334ad96
2 changed files with 10 additions and 3 deletions

View file

@ -25,7 +25,8 @@ _Description: Enable https?
(startssl.com) or WoSign (buy.wosign.com/free) offer free SSL certificates. (startssl.com) or WoSign (buy.wosign.com/free) offer free SSL certificates.
. .
letsencrypt package may be used to automate interaction with Lets Encrypt to letsencrypt package may be used to automate interaction with Lets Encrypt to
obtain a certificate. obtain a certificate. Nginx must be reloaded after the certificate and key
files are made available at /etc/gitlab/ssl.
Template: gitlab/letsencrypt Template: gitlab/letsencrypt
Type: boolean Type: boolean
@ -38,5 +39,6 @@ _Description: Use Let's Encrypt?
Otherwise, certificate and key files have to be placed manually to Otherwise, certificate and key files have to be placed manually to
/etc/gitlab/ssl directory as 'gitlab.crt' and 'gitlab.key'. /etc/gitlab/ssl directory as 'gitlab.crt' and 'gitlab.key'.
. .
Nginx must be reloaded after the certificate and key files are made available Nginx will be stopped, if this option is selected, to allow letsencrypt to use
at /etc/gitlab/ssl. ports 80 and 443 during domain ownership validation and certificate retrieval
step.

5
debian/postinst vendored
View file

@ -86,6 +86,9 @@ case "$1" in
/etc/gitlab/ssl/gitlab.crt /etc/gitlab/ssl/gitlab.crt
ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \ ln -sf /etc/letsencrypt/live/${GITLAB_HOST}/privkey.pem \
/etc/gitlab/ssl/gitlab.key /etc/gitlab/ssl/gitlab.key
# Port 80 and 443 should be available for letsencrypt
invoke-rc.d nginx stop
letsencrypt -d ${GITLAB_HOST} certonly
fi fi
fi fi
@ -98,6 +101,8 @@ case "$1" in
echo "nginx example configuration file not found" echo "nginx example configuration file not found"
exit 1 exit 1
fi fi
# Start nginx
invoke-rc.d nginx start
else else
echo "Failed to retrieve fully qualified domain name" echo "Failed to retrieve fully qualified domain name"
exit 1 exit 1