Change the documentation to suggest certbot nginx install method #747

Closed
opened 2024-04-19 07:56:07 +00:00 by shadowjonathan · 4 comments

The idea

Alter the nginx + certbot install section in https://docs.akkoma.dev/stable/installation/debian_based_en/ to use the nginx certbot plugin (github.com/certbot/certbot/tree/master/certbot-nginx) instead of standalone.

The reasoning

Currently, the guide prescribes an odd (and confusing) mix of standalone and webroot certbot certificate retrieval methods. The akkoma nginx config file also has a commented-out section for the webroot install method.

The way the guide suggests installing would mean that certbot would not properly refresh the certificate, since it does not know or understand it was installed via nginx. This means the certificate will expire, and any admin who does not have experience with this would have to figure out how to manually fix their instance while it is down.

Instead, I suggest simply adding the nginx certbot plugin, as it automatically configures the right config for certificate retrieval, properly installs it in the background, and will gracefully handle nginx not being started or being down (I've seen the code).

Have you searched for this feature request?

  • I have double-checked and have not found this feature request mentioned anywhere.
  • This feature is related to the Akkoma backend specifically, and not pleroma-fe.
shadowjonathan added the feature request label 2024-04-19 07:56:07 +00:00
Author

Should also say that the way the install guide recommends things will inevitably break, since it recommends installing nginx right before running the standalone certbot certonly command.

Nginx is started upon install, and so it will result in a confusing error like the following:

image

Member

> Nginx is started upon install

I believe this depends on the distro, but mentioning to stop any possibly already running instances would be good indeed

Contributor

> I believe this depends on the distro, but mentioning to stop any possibly already running instances would be good indeed

I think only Debian and Ubuntu start services on install, other distros like Fedora and Arch do not.

In any case, I think certbot will restart/reload nginx after installing the certs and modifying the nginx config.


fixed via #752
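The failure mode discussed in this thread (a certificate issued with the standalone authenticator while nginx holds port 80) can be audited from certbot's renewal files. This is an added example, not part of the thread or the Akkoma docs; it assumes certbot's default `/etc/letsencrypt/renewal/` directory, and the function names and sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report which authenticator certbot will reuse at renewal time.
# Assumption: renewal configs are INI-like files with an
# "authenticator = <name>" line under the [renewalparams] section.

# Constructed sample of a renewal config (not taken from a real host).
sample_conf() {
cat <<'EOF'
version = 2.1.0
cert = /etc/letsencrypt/live/example.org/cert.pem
[renewalparams]
account = 0000placeholder
authenticator = standalone
server = https://acme-v02.api.letsencrypt.org/directory
EOF
}

# Print the authenticator recorded in renewal config file $1.
renewal_authenticator() {
    awk -F'=' '
        /^\[/ { in_params = ($0 ~ /^\[renewalparams\]/); next }
        in_params && $1 ~ /^[ \t]*authenticator[ \t]*$/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit
        }' "$1"
}

# Classify file $1 given the port 80 state in $2 ("busy" or "free").
# standalone needs to bind port 80 itself, so a running web server blocks it.
classify_renewal() {
    auth=$(renewal_authenticator "$1")
    case "$auth" in
        standalone)
            if [ "$2" = "busy" ]; then echo "standalone-conflict"
            else echo "standalone-port-free"; fi ;;
        "") echo "unknown" ;;
        *)  echo "$auth" ;;
    esac
}

# Run against the live host only when asked: ./audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    if ss -Hltn 'sport = :80' | grep -q .; then state=busy; else state=free; fi
    for f in /etc/letsencrypt/renewal/*.conf; do
        [ -e "$f" ] && printf '%s: %s\n' "$f" "$(classify_renewal "$f" "$state")"
    done
fi
```

A `standalone-conflict` result means renewal will fail unless the web server is stopped first or the certificate is reissued with a different authenticator.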

Reference: AkkomaGang/akkoma#747