FeministWiki:Server setup: Difference between revisions

    Line 112: Line 112:
    === Initialize LetsEncrypt ===
    === Initialize LetsEncrypt ===


    The first run of Certbot has to be interactive, so we will do that now.  Since the DNS entries still point to the old server, we can't get a cert for the real domains.  For now, make '''feministwiki.dev''' point to the IP address of the new server, then proceed with the commands below.
    First, initialize the certbot configuration:


    systemctl stop apache2
      certbot register -n --agree-tos -m technician@feministwiki.org
      certbot certonly --cert-name feministwiki.org # Yes, it should be .org and not .dev


    Then follow the on-screen instructions of certbotUse the "standalone" authentication method when asked, and enter feministwiki.dev as the sole domain.
    Since various DNS entries still point to the old server, we can't get a cert for the real domains yetFor now, just get one for feministwiki.dev:
     
    ufw allow 80
    letsencrypt-refresh --dev-only
    ufw delete allow 80
     
    Our <code>letsencrypt-refresh</code> script makes sure that the cert files are found in <code>/etc/fw-certs</code> and that the private key and cert-and-key bundle are owned by the "ssl-cert" group and are readable by group members. A number of users have to be added to this group so they can read said files:
     
    adduser ejabberd ssl-cert
    adduser irc ssl-cert


    === Stop services on old server ===
    === Stop services on old server ===
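
Review bot: the `ufw allow 80` / `letsencrypt-refresh --dev-only` / `ufw delete allow 80` sequence leaves port 80 open if the refresh fails and the reader stops at the error. Say explicitly that `ufw delete allow 80` is run whether or not the refresh succeeded, and name what confirms success (the cert files being present in `/etc/fw-certs`). The paragraph beginning "Since various DNS entries" also omits the prerequisite stated in the paragraph beginning "The first run of Certbot", that feministwiki.dev must point to the IP address of the new server before the command is run; that sentence should be kept. For the two `adduser ... ssl-cert` lines, note that membership in that group grants read access to the private key, so the list should stay limited to the services that need it, and that an already running service only picks up the new group after a restart.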