Renewing Vidjil's SSL Certificate: Difference between revisions

From CPB Wiki
(Instructions. Experimenting with markdown)
(Wiki markup)
 
Line 20: Line 20:
<code>sudo cp /etc/letsencrypt/live/vidjil.boldrini.org.br/privkey.pem  /home/vidjil/code/2020-vidjil/docker/vidjil-client/ssl/privkey.pem</code>
<code>sudo cp /etc/letsencrypt/live/vidjil.boldrini.org.br/privkey.pem  /home/vidjil/code/2020-vidjil/docker/vidjil-client/ssl/privkey.pem</code>
</blockquote>
</blockquote>
* make sure file `privkey.pem` has permissions 0600 and owner `root`
* make sure file <code>privkey.pem</code> has permissions 0600 and owner <code>root</code>.
* do <code>docker-compose -f docker-compose-wrapper.yml up -d</code> to restart Vidjil.
* do <code>docker-compose -f docker-compose-wrapper.yml up -d</code> to restart Vidjil.
* visit <code>vidjil.boldrini.org.br</code> to confirm the new certificate in on.
* visit <code>vidjil.boldrini.org.br</code> to confirm the new certificate in on.
* mark on your calendar a date for the next renewal.
* mark on your calendar a date for the next renewal.
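Review bot: the privkey.pem bullet on the changed line states the required mode (0600) and owner (root) but gives no command to check or set them, while the steps around it spell their commands out. Plain cp onto an already existing destination file leaves that file's mode and owner unchanged, so a copy made over a file with looser permissions keeps them. Suggest adding the commands to this bullet, for example sudo chown root and sudo chmod 0600 on the deployed privkey.pem, followed by ls -l to confirm. The "visit" bullet further down also reads "the new certificate in on" in both revisions; "is on" is presumably meant.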

Latest revision as of 11:42, 11 January 2024

Our Vidjil server certificates are provided by Let's Encrypt.

To renew the certificates:

  • this operation must be done between 1 and 8 days before expiration.
  • certified machine name: vidjil.boldrini.org.br
  • go to the <docker-dir> and impersonate a super-user: sudo su joao.m (<docker-dir> is currently /home/vidjil/code/2020-vidjil/docker).
  • do docker-compose -f docker-compose-wrapper.yml down to prevent Vidjil from disturbing standalone verification.
  • renew the certificate:

sudo certbot certonly --standalone -d vidjil.boldrini.org.br

  • issue the extra commands below to make sure the renewal is seen by Vidjil:

sudo cp /etc/letsencrypt/live/vidjil.boldrini.org.br/fullchain.pem /home/vidjil/code/2020-vidjil/docker/vidjil-client/ssl/fullchain.pem

sudo cp /etc/letsencrypt/live/vidjil.boldrini.org.br/privkey.pem /home/vidjil/code/2020-vidjil/docker/vidjil-client/ssl/privkey.pem

  • make sure file privkey.pem has permissions 0600 and owner root.
  • do docker-compose -f docker-compose-wrapper.yml up -d to restart Vidjil.
  • visit vidjil.boldrini.org.br to confirm the new certificate is on.
  • mark on your calendar a date for the next renewal.
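
The checks in the last steps (deployed copies are current, privkey.pem is 0600 and owned by root, the new certificate is live) can be scripted. The script below is an added example, not part of the original wiki page: the paths and host name are the ones given above, the function names are hypothetical, and it assumes GNU stat and the openssl command-line tool.

```shell
#!/bin/sh
# Added example: post-renewal checks for the copy steps above.
# Paths come from the page; function names are hypothetical.
LIVE=/etc/letsencrypt/live/vidjil.boldrini.org.br
SSL=/home/vidjil/code/2020-vidjil/docker/vidjil-client/ssl

# key_perms_ok FILE [UID]: true if FILE is mode 600 and owned by UID (default 0 = root).
key_perms_ok() {
    [ "$(stat -c '%a %u' "$1" 2>/dev/null)" = "600 ${2:-0}" ]
}

# deployed_matches SRC DST: true if the deployed copy is byte-identical to the source.
deployed_matches() { cmp -s "$1" "$2"; }

# cert_matches_key CERT KEY: true if certificate and private key carry the same public key.
cert_matches_key() (
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ "$cert_pub" = "$key_pub" ]
)

# served_enddate HOST: print the notAfter date of the certificate HOST serves on port 443.
served_enddate() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -enddate
}

# renewal_checks: run every check against the real paths (root is needed to read privkey.pem).
renewal_checks() {
    rc=0
    deployed_matches "$LIVE/fullchain.pem" "$SSL/fullchain.pem" || { echo "fullchain.pem is stale"; rc=1; }
    deployed_matches "$LIVE/privkey.pem" "$SSL/privkey.pem" || { echo "privkey.pem is stale"; rc=1; }
    key_perms_ok "$SSL/privkey.pem" || { echo "privkey.pem is not 0600 root"; rc=1; }
    cert_matches_key "$SSL/fullchain.pem" "$SSL/privkey.pem" || { echo "certificate and key differ"; rc=1; }
    # -checkend N fails when the certificate expires within N seconds (8 days here).
    openssl x509 -in "$SSL/fullchain.pem" -noout -checkend $((8 * 86400)) >/dev/null \
        || { echo "deployed certificate expires within 8 days"; rc=1; }
    # Only meaningful after the docker-compose "up -d" step.
    echo "served certificate: $(served_enddate vidjil.boldrini.org.br)"
    return $rc
}

# Run the checks only when asked to, e.g.: sudo sh check-renewal.sh run
if [ "${1:-}" = "run" ]; then renewal_checks; fi
```

A non-zero exit status from renewal_checks means at least one of the printed problems needs fixing before the next renewal date is put on the calendar.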