update certificate setup instructions

Francisco Pombal 2019-12-27 12:50:33 +00:00
parent 1b3ee74c59
commit 4b6c75b455

@ -49,9 +49,14 @@ Refer to the [documentation][certbot-docs-cmd-opt] for more info
2. On the Tools -> Options... menu, go to the Web UI tab. 2. On the Tools -> Options... menu, go to the Web UI tab.
3. In the "Server domains:" field put `yourwebuidomain.duckdns.org` 3. In the "Server domains:" field put `yourwebuidomain.duckdns.org`
4. Tick the "Use HTTPS instead of HTTP" checkbox 4. Tick the "Use HTTPS instead of HTTP" checkbox
5. In the "Key:" text box paste the contents of the file `/etc/letsencrypt/live/yourwebuidomain.duckdns.org/privkey.pem`. You may need root privileges to access this file. 5. a) If using version `4.2.0` or later:
6. In the "Certificate:" text box paste the contents of the file `/etc/letsencrypt/live/yourwebuidomain.duckdns.org/fullchain.pem`. You may need root privileges to access this file. - In the "Key:" text box paste the _path_ of the key file.
7. Click save, close the tab and now you should only be able to access your Web UI via HTTPS. - In the "Certificate:" text box paste the _path_ of the certificate file.
- IMPORTANT NOTE: since the directory where these files usually are located (for example, `/etc/letsencrypt/live/yourwebuidomain.duckdns.org/`) is usually only readable by `root`, you may first need to copy the files somewhere that is readable by the user account that is running qBittorrent. Do not change the permissions of the original `certbot` directories.
5. b) If using older versions:
- In the "Key:" text box paste the _contents_ of the key file (for example, `/etc/letsencrypt/live/yourwebuidomain.duckdns.org/privkey.pem`). You may need root privileges to access this file.
- In the "Certificate:" text box paste the _contents_ of the certificate file (for example, `/etc/letsencrypt/live/yourwebuidomain.duckdns.org/fullchain.pem`). You may need root privileges to access this file.
6. Click save, close the tab and now you should only be able to access your Web UI via HTTPS.
# Automating certificate renewal # Automating certificate renewal
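Review bot: The IMPORTANT NOTE under step 5 a) tells the reader to copy the key file "somewhere that is readable by the user account that is running qBittorrent" but says nothing about keeping the copy of the private key unreadable by everyone else. Suggest stating that the copy should be owned by that account and readable only by it, so the key does not end up in a location other local users can read. Step 5 a) also never names the files, while 5 b) gives `privkey.pem` and `fullchain.pem` as examples; repeating those names in 5 a) would remove the guesswork. It is also worth saying here that a copied file does not follow renewals and has to be copied again after each one.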
@ -63,6 +68,8 @@ A possible renewal command for a user that does not normally use port 80 can be:
If you have a program listening on port 80, be sure to use the `--pre-hook` and `--post-hook` flags to restart it (for example, `--pre-hook "stop_my_program.sh"` and `--post-hook "restart_my_program.sh"`). If you have a program listening on port 80, be sure to use the `--pre-hook` and `--post-hook` flags to restart it (for example, `--pre-hook "stop_my_program.sh"` and `--post-hook "restart_my_program.sh"`).
Additionally, you can use `certbot` hooks to copy certificate files around and even to shutdown/restart qBittorrent and possibly even modify its config.
Each time the command is run, `certbot` checks if any certificate is more than 60 days old, and only actually renews those. Each time the command is run, `certbot` checks if any certificate is more than 60 days old, and only actually renews those.
You can put your renewal command (without `sudo`) in a crontab or a systemd unit set to run daily or twice a day, which is what the Let's Encrypt folks recommend. You can put your renewal command (without `sudo`) in a crontab or a systemd unit set to run daily or twice a day, which is what the Let's Encrypt folks recommend.
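Review bot: The added sentence on `certbot` hooks is too vague to act on: it does not say which hook to use or what goes in it, and "possibly even modify its config" gives the reader nothing concrete. Suggest naming the hook (the surrounding text only covers `--pre-hook` and `--post-hook`; certbot's `--deploy-hook` runs only after a successful renewal, which fits the copy step) and pointing back to the note in step 5 a), since that copy is what needs refreshing. Minor: "shutdown" is the noun; the verb is "shut down".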