FeministWiki:Server setup: Difference between revisions

    Line 173: Line 173:
    === Initialize LetsEncrypt ===
    === Initialize LetsEncrypt ===


    First, initialize the certbot configuration:
    Initialize the certbot configuration:


      certbot register -n --agree-tos -m technician@feministwiki.org
      certbot register -n --agree-tos -m technician@feministwiki.org


    Since various DNS entries still point to the old server, we can't get a cert for the real domains yet.  For now, just get one for feministwiki.dev:
    But for now, copy over the certs from the old server, since most DNS entries still point to the old server:


      ufw allow 80
      tar -czPf- /etc/fw-certs | ssh feministwiki.dev -p "$SSH_PORT" 'tar -xzf-'
    ~/bin/letsencrypt-refresh --dev-only
    ufw delete allow 80


    Our {{C|letsencrypt-refresh}} script makes sure that the cert files are found in {{C|/etc/fw-certs}} and that the private key and cert-and-key bundle are owned by the "ssl-cert" group and are readable by group members.  A number of users have to be added to this group so they can read said files:
    Our {{C|letsencrypt-refresh}} script makes sure that the cert files are found in {{C|/etc/fw-certs}} and that the private key and cert-and-key bundle are owned by the "ssl-cert" group and are readable by group members.  A number of users have to be added to this group so they can read said files:
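Review bot: the receiving side of the new `tar -czPf- /etc/fw-certs | ssh feministwiki.dev -p "$SSH_PORT" 'tar -xzf-'` line is missing `-P`. GNU tar strips the leading `/` from member names on extraction, so the files unpack into `etc/fw-certs` under the remote login directory rather than `/etc/fw-certs`, which is where the following paragraph says the cert files are expected. Suggest `'tar -xzPf-'` or `'tar -xzf- -C /'` on the remote end. The archive carries the private key and the cert-and-key bundle. If this revision drops the `~/bin/letsencrypt-refresh --dev-only` step, nothing visible here re-applies the "ssl-cert" group ownership and group-read mode that the script is described as enforcing. Consider adding a step to check owner, group and mode of the extracted files on the new server, and to remove any stray copy left in the login directory.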