---
VMID: 100
---

This VM is a reverse proxy, all serveces go through it and get their SSL certificates

## Creating new record

```sh
cd /etc/nginx/sites-available/ # configs are located here
vim.tiny pastebin.dmz.rs # using pastebin as example, copy existing one and edit it
ln -s /etc/nginx/sites-available/pastebin.dmz.rs  /etc/nging/sites-enabled/pastebin.dmz.rs # creating link since file is the same
mkdir /var/www/pastebindmzrs # new dir where certificate will be validated
nginx -t # checking for errors
systemctl reload nginx.service # reloading the service for changes to apply, reset will work too
service nginx reload # alternative server reload
certbot certonly --webroot -w /var/www/pastebindmzrs -d pastebin.dmz.rs -d pastebin.decentrala.org # requesting the certificates
```

## renewal

```sh
ls /var/www/
cd /etc/letsencrypt/renewal
certbot renew
```