Changes in 29be6d2: Updated Automatic CA (markdown)

services/Automatic-CA.md

@@ -188,6 +188,32 @@ Enter Export Password: ****

 Verifying - Enter Export Password: ****

 ```

+The generated certificate will be valid for 3 months, to renew it simply run ```./ca.dn42 tls-sign ca.dn42 XUU-MNT``` again. This could be also automated in cron or with a systemd timer:

+

+```

+0 0 1 * * /etc/ssl/dn42/ca.dn42 tls-sign wiki.dn42 MIC92-MNT

+```

+

+```

+# update-dn42-ca.timer

+[Timer]

+OnBootSec=1h

+OnUnitActiveSec=1w

+Persistent=yes

+

+[Install]

+WantedBy=timers.target

+```

+

+```

+[Service]

+Type=oneshot

+WorkingDirectory=/etc/ssl/dn42

+ExecStart=/etc/ssl/dn42/ca.dn42 tls-sign wiki.dn42 MIC92-MNT

+# accept multiple ExecStart lines for other certificates

+#ExecStart=/etc/ssl/dn42/ca.dn42 tls-sign foobar.dn42 MIC92-MNT

+ExecStart=/usr/bin/nginx -s reload

+```

 ## Revoke a certificate.

...	...	@@ -188,6 +188,32 @@ Enter Export Password: ****
188	188	Verifying - Enter Export Password: ****
189	189	```
190	190
	191	+The generated certificate will be valid for 3 months, to renew it simply run ```./ca.dn42 tls-sign ca.dn42 XUU-MNT``` again. This could be also automated in cron or with a systemd timer:
	192	+
	193	+```
	194	+0 0 1 * * /etc/ssl/dn42/ca.dn42 tls-sign wiki.dn42 MIC92-MNT
	195	+```
	196	+
	197	+```
	198	+# update-dn42-ca.timer
	199	+[Timer]
	200	+OnBootSec=1h
	201	+OnUnitActiveSec=1w
	202	+Persistent=yes
	203	+
	204	+[Install]
	205	+WantedBy=timers.target
	206	+```
	207	+
	208	+```
	209	+[Service]
	210	+Type=oneshot
	211	+WorkingDirectory=/etc/ssl/dn42
	212	+ExecStart=/etc/ssl/dn42/ca.dn42 tls-sign wiki.dn42 MIC92-MNT
	213	+# accept multiple ExecStart lines for other certificates
	214	+#ExecStart=/etc/ssl/dn42/ca.dn42 tls-sign foobar.dn42 MIC92-MNT
	215	+ExecStart=/usr/bin/nginx -s reload
	216	+```
191	217
192	218	## Revoke a certificate.
193	219