Jump to content

FeministWiki:Server setup: Difference between revisions

No edit summary
Line 173: Line 173:
  a2ensite fw-account fw-blogs fw-chat fw-files fw-forum fw-mail fw-wiki fw-xmpp
  a2ensite fw-account fw-blogs fw-chat fw-files fw-forum fw-mail fw-wiki fw-xmpp


=== Initialize LetsEncrypt ===
=== Copy certificates ===


Initialize the certbot configuration:
Copy over the certs from the old server:
 
certbot register -n --agree-tos -m technician@feministwiki.org
 
But for now, copy over the certs from the old server, since most DNS entries still point to the old server:


  tar -czPf- /etc/fw-certs | ssh feministwiki.dev -p ${SSH_PORT} 'tar -xzf-'
  tar -czPf- /etc/fw-certs | ssh feministwiki.dev -p ${SSH_PORT} 'tar -xzf-'


Our {{C|letsencrypt-refresh}} script makes sure that the cert files are found in {{C|/etc/fw-certs}} and that the private key and cert-and-key bundle are owned by the "ssl-cert" group and are readable by group members.  A number of users have to be added to this group so they can read said files:
The {{C|/etc/fw-certs}} directory is owned by the group {{C|ssl-cert}}, and files that contain the private key can only be read by group members.  To allow certain services to read those files, add them to the group:


  adduser ejabberd ssl-cert
  adduser ejabberd ssl-cert