FeministWiki

FeministWiki:Server setup: Difference between revisions

Project page Discussion

FeministWiki:Server setup (view source)

Revision as of 13:31, 17 August 2021

137 bytes added ,  17 August 2021
→‎Initialize LetsEncrypt
Line 112: Line 112:
=== Initialize LetsEncrypt ===
=== Initialize LetsEncrypt ===


The first run of Certbot has to be interactive, so we will do that now.  Since the DNS entries still point to the old server, we can't get a cert for the real domains.  For now, make '''feministwiki.dev''' point to the IP address of the new server, then proceed with the commands below.
First, initialize the certbot configuration:


systemctl stop apache2
  certbot register -n --agree-tos -m technician@feministwiki.org
  certbot certonly --cert-name feministwiki.org # Yes, it should be .org and not .dev


Then follow the on-screen instructions of certbotUse the "standalone" authentication method when asked, and enter feministwiki.dev as the sole domain.
Since various DNS entries still point to the old server, we can't get a cert for the real domains yetFor now, just get one for feministwiki.dev:
 
ufw allow 80
letsencrypt-refresh --dev-only
ufw delete allow 80
 
Our <code>letsencrypt-refresh</code> script makes sure that the cert files are found in <code>/etc/fw-certs</code> and that the private key and cert-and-key bundle are owned by the "ssl-cert" group and are readable by group members. A number of users have to be added to this group so they can read said files:
 
adduser ejabberd ssl-cert
adduser irc ssl-cert


=== Stop services on old server ===
=== Stop services on old server ===
Retrieved from "https://feministwiki.org/wiki/Special:MobileDiff/1120"