(→Certs) |
|||
(2 intermediate revisions by the same user not shown) | |||
Line 42: | Line 42: | ||
{| class="wikitable" | {| class="wikitable" | ||
!Name !! Flag !! Tag !! Value | !Type !! Name !! Flag !! Tag !! Value | ||
|- | |- | ||
|@ || 0 || issue || letsencrypt.org | |CAA || @ || 0 || issue || letsencrypt.org | ||
|- | |- | ||
|@ || 0 || iodef || admin@feministwiki.org | |CAA || @ || 0 || iodef || admin@feministwiki.org | ||
|} | |} | ||
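Review bot: In the iodef row the value is a bare address (admin@feministwiki.org), but the CAA iodef property takes a URL, so the documented value should read mailto:admin@feministwiki.org, wrapped in nowiki the way the rua value in the DMARC table is if the wiki would otherwise auto-link it. Since only an issue row is listed, it also governs wildcard names; add an issuewild row if wildcard issuance is meant to be handled differently.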
Line 61: | Line 61: | ||
|- | |- | ||
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC | |TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC | ||
|} | |} | ||
Line 68: | Line 66: | ||
{| class="wikitable" | {| class="wikitable" | ||
!Service !! Protocol !! Name !! Destination !! Port | !Type !! Service !! Protocol !! Name !! Destination !! Port | ||
|- | |- | ||
|_xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222 | |SRV || _xmpp-client || _tcp || @ || xmpp.feministwiki.org || 5222 | ||
|- | |||
|SRV || _xmpp-server || _tcp || @ || xmpp.feministwiki.org || 5269 | |||
|} | |||
Google Site Verification: | |||
{| class="wikitable" | |||
!Type !! Host !! Data | |||
|- | |- | ||
| | |TXT || @ || google-site-verification=<key> | ||
|} | |} | ||
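Review bot: The SRV table, including the added _xmpp-server row, has no Priority or Weight columns, and an SRV record cannot be created without both values. Add the two columns, or state the values in use, so the records can be recreated from this page alone.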
Line 89: | Line 95: | ||
The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication. | The FeministWiki uses LetsEncrypt to acquire digital certificates for encrypted communication. | ||
To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following | To ease use of the letsencrypt command, the file <code>/root/etc/domains</code> contains all the FQDNs used by the FeministWiki, one per line. Given that, the preferred way to populate the <code>/etc/letsencrypt/live/feministwiki.org</code> directory with fresh certs is to run the following commands while TCP port 80 is free (e.g. stop Apache first): | ||
# Use $() to eliminate the terminating newline, if any. | |||
domains=$(cat /root/etc/domains) | |||
domains=$(printf '%s' "$domains" | tr '\n' ',') | |||
letsencrypt certonly --authenticator standalone -d "$domains" | |||
Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file: | Additionally, for programs that require a cert file and its private key in a single combined <code>.pem</code> file, run the following commands to generate such a file: |
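Review bot: The new lead-in requires TCP port 80 to be free ("e.g. stop Apache first"), but the command lines that follow neither stop Apache nor start it again, so someone pasting them either fails to bind the port or leaves the site down afterwards; add the stop and start steps around the letsencrypt call. A blank line in /root/etc/domains also becomes an empty entry in the comma-separated list passed to -d, so either state that the file must contain no blank lines or filter them out before the tr step.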