Okay, I will try to give some short tutorials on a few of your questions:
Approach 1: Using a cronjob to manually copy the certificate
- Make sure syncthing has the
https-key.pemandhttps-cert.pemfiles present in it’s home directory; my commands assume the directory is/home/syncthing/.config/syncthing[that’s my setup). Make sure the permissions are correct, meaning the files are owned by the user running syncthing. The easiest way to achieve this is by deleting the current files while syncthing is stopped. - Upon the next start, syncthing will re-generate the
https-key.pemandhttps-cert.pemfiles with the correct permissions (files are owned by user running syncthing). Now, you only need to overwrite the files - overwriting existing files does not change their permissions. - Open a shell/terminal on the machine, preferably as root or any other user that definetly has access to all certificates inside of
/etc/letsencrypt. You can get root either by typing insuor by prefixing the following command withsudo. - Type
crontab -eto edit the crontab of the current user - The file will be opened with some text editor, like nano. In the file, below the comments you can add the following lines:
@daily cp /etc/letsencrypt/live/[domain]/privkey.pem /home/syncthing/.config/syncthing/https-key.pem
@daily cp /etc/letsencrypt/live/[domain]/fullchain.pem /home/syncthing/.config/syncthing/https-cert.pem
- This would copy the certificates from the let’s encrypt directory daily to the syncthing directory, overwriting existing files but without modifying file permissions. The solution is simple, but definetly not the best. The
@dailyshould be supported by pretty much every standard cron and tells the system to run the command every day, I believe it’s at midnight.
Approach 2: Syncthing behind nginx reverse proxy
- It’s actually fairly straightforward, assuming that you already got nginx up and running. To prevent this guide from blowing up the forum, I will assume you already got that.
- Every proper nginx-tutorial should tell you to create your configuration in a seperate file which should live inside
/etc/nginx/sites-available. I will assume that you already have such a file and that it is calledreverse-proxy.conf - To setup a reverse proxy, open the file
reverse-proxy.confand make it look like this generic example. The file should include your old configuration (if any) and the new one.
I believe what’s meant is that certbot supports additional actions (called hooks) that are executed whenever certbot performs certain actions, such as renewing a certificate. You could create a hook that automatically restarts syncthing whenever certbot renews your certificate. A good piece of documentation to start with is here: User Guide — Certbot 2.11.0.dev0 documentation