Technician (talk | contribs) |
(3 intermediate revisions by the same user not shown) | |||
Line 68: | Line 68: | ||
|TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC | |TXT || _dmarc || v=DMARC1; p=reject; rua=<nowiki>mailto:admin</nowiki>@feministwiki.org || DMARC | ||
|} | |} | ||
'''Note:''' There must be a direct A or AAAA record (not a CNAME record) for the domain name specified in the MX record. | |||
For XMPP: | For XMPP: | ||
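Review bot: The added Note below the DNS table states the requirement (a direct A or AAAA record, not a CNAME, for the name in the MX record) without saying why or how to confirm it. Suggest adding a short clause giving the reason a CNAME is not acceptable there, and pointing at the MX row of the table it refers to, so that someone adding a domain can check the target name before changing the record.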
Line 115: | Line 117: | ||
cat fullchain.pem privkey.pem > certbundle.pem | cat fullchain.pem privkey.pem > certbundle.pem | ||
The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''', | The script <code>/root/bin/letsencrypt-refresh</code> '''does all of the above''' automatically. It stops Apache, runs the commands described above, and starts Apache again. This can be used not only to refresh a cert that's running out, but also to add a new domain to the cert. Just add the domain to <code>/root/etc/domains</code> and run the commands. Note that the letsencrypt command may not work well on a "dumb" terminal such as an Emacs shell buffer. If in doubt, run it from within a proper terminal emulator. | ||
=== Readability of the key files === | |||
To ensure that processes running under unprivileged users can read key files, ensure that the users they run under are members of the <code>ssl-cert</code> group, which should have read access to the files in <code>/etc/letsencrypt/live/feministwiki.org</code>. | |||
== Ubuntu package repositories == | |||
Currently, FeministWiki runs on Ubuntu 16.04 LTS (Xenial), which has rather old Apache and PHP packages. We use the Ubuntu PPAs <code>ondrej/apache2</code> and <code>ondrej/php</code> to get newer versions. | |||
For F-Droid packages, we use the <code>fdroid/fdroidserver</code> Ubuntu PPA. | |||
== Services == | == Services == |
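Review bot: In the new "Readability of the key files" section, membership in ssl-cert gives a user read access to the private key, and also to certbundle.pem, which the "cat fullchain.pem privkey.pem > certbundle.pem" line above shows contains that key. The text should say to add only the service accounts that actually need the key, and should state the intended owner, group and mode for the files rather than "should have read access", so the setting can be checked. In the rewritten script paragraph, "run the commands" reads as running the manual steps even though the script performs them; "run the script" would be clearer. Since the script stops Apache, it is also worth stating that the site is unavailable while it runs.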