1,086
edits
FeministWiki:Server setup: Difference between revisions
→Initialize LetsEncrypt
Technician (talk | contribs) (→Test!) |
Technician (talk | contribs) |
||
| Line 173: | Line 173: | ||
=== Initialize LetsEncrypt === | === Initialize LetsEncrypt === | ||
Initialize the certbot configuration: | |||
certbot register -n --agree-tos -m technician@feministwiki.org | certbot register -n --agree-tos -m technician@feministwiki.org | ||
But for now, copy over the certs from the old server, since most DNS entries still point to the old server: | |||
tar -czPf- /etc/fw-certs | ssh feministwiki.dev -p "$SSH_PORT" 'tar -xzf-' | |||
Our {{C|letsencrypt-refresh}} script makes sure that the cert files are found in {{C|/etc/fw-certs}} and that the private key and cert-and-key bundle are owned by the "ssl-cert" group and are readable by group members. A number of users have to be added to this group so they can read said files: | Our {{C|letsencrypt-refresh}} script makes sure that the cert files are found in {{C|/etc/fw-certs}} and that the private key and cert-and-key bundle are owned by the "ssl-cert" group and are readable by group members. A number of users have to be added to this group so they can read said files: | ||