@TylerJPresley
Created February 5, 2017 03:55
Renewing chef SSL
# Stop the Chef server so that certbot's standalone mode can bind port 443
sudo chef-server-ctl stop
# Generate the cert
certbot certonly --standalone -d [.....URL.....]
# Cert gets generated in '/etc/letsencrypt/live/[.....URL.....]'
# edit the Chef server config so the nginx settings point at the new cert and key
nano /etc/opscode/chef-server.rb
---------------------------------------
nginx['ssl_certificate'] = "/etc/letsencrypt/live/[.....URL.....]/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/[.....URL.....]/privkey.pem"
nginx['ssl_ciphers'] = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-$
nginx['ssl_protocols'] = "TLSv1 TLSv1.1 TLSv1.2"
---------------------------------------
# start chef back up
sudo chef-server-ctl start
# reconfigure chef server
sudo chef-server-ctl reconfigure
# reconfigure chef manager
chef-manage-ctl reconfigure
# restart Chef Manage for good measure
chef-manage-ctl restart
# delete the previously trusted certs cached on the workstation
rm [.....DIR.....]/.chef/trusted_certs/*
# get the new ssl certificate
knife ssl fetch
# check it
knife ssl check
# check with openssl
openssl s_client -connect [.....URL.....]:443
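Added example, not part of the original gist: a small Ruby lint for the chef-server.rb settings above, to run before `chef-server-ctl reconfigure`. It parses the `nginx['...']` lines, flags the legacy `TLSv1`/`TLSv1.1` entries in `ssl_protocols`, and confirms that `fullchain.pem` and `privkey.pem` belong together and are not close to expiry. Function names and the 30-day threshold are this example's own choices.

```ruby
# Added example (not from the gist): lint the nginx TLS settings in
# /etc/opscode/chef-server.rb before running `chef-server-ctl reconfigure`.
require "openssl"

# Protocol versions that should no longer appear in nginx['ssl_protocols'].
LEGACY_PROTOCOLS = %w[SSLv2 SSLv3 TLSv1 TLSv1.1].freeze

# Extract nginx['key'] = "value" assignments from chef-server.rb text.
# Only the simple one-line double-quoted form used in the gist is recognised.
def parse_nginx_settings(config_text)
  config_text.scan(/^\s*nginx\['([^']+)'\]\s*=\s*"([^"\n]*)"/).to_h
end

# Check the protocol list and the certificate/key pair the config points at.
# Returns an array of findings; an empty array means nothing to report.
def audit_tls_settings(settings, now: Time.now, min_days: 30)
  findings = []
  protos = settings.fetch("ssl_protocols", "").split
  legacy = protos & LEGACY_PROTOCOLS
  findings << "legacy protocols enabled: #{legacy.join(' ')}" unless legacy.empty?
  findings << "TLSv1.2 not enabled" unless protos.include?("TLSv1.2")

  cert_path = settings["ssl_certificate"]
  key_path  = settings["ssl_certificate_key"]
  unless cert_path && key_path && File.file?(cert_path) && File.file?(key_path)
    return findings << "certificate or key path missing or unreadable"
  end
  cert = OpenSSL::X509::Certificate.new(File.read(cert_path))
  key  = OpenSSL::PKey.read(File.read(key_path))
  # fullchain.pem must be paired with the privkey.pem from the same live dir.
  findings << "certificate does not match private key" unless cert.check_private_key(key)
  days_left = ((cert.not_after - now) / 86_400).floor
  findings << "certificate expires in #{days_left} days" if days_left < min_days
  findings
end

# Usage on the Chef server (config path taken from the gist):
#   audit_tls_settings(parse_nginx_settings(File.read("/etc/opscode/chef-server.rb")))
```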