Renewing Vidjil's SSL Certificate: Difference between revisions
Jump to navigation
Jump to search
(Just provider) |
(Instructions. Experimenting with makdown) |
||
| Line 1: | Line 1: | ||
Our Vidjil server certificates are provided by Let's Encrypt. | |||
To renew the certificates: | |||
* this operation must be done between 1 and 8 days before expiration. | |||
* certified machine name: <code>vidjil.boldrini.org.br</code> | |||
* go to the <docker-dir> and impersonate a super-user: <code>sudo su joao.m</code> (<docker-dir> is currently <code>/home/vidjil/code/2020-vidjil/docker</code>). | |||
* do <code>docker-compose -f docker-compose-wrapper.yml down</code> to prevent Vidjil from disturbing standalone verification. | |||
* renew the certificate: | |||
<blockquote> | |||
<code>sudo certbot certonly --standalone -d vidjil.boldrini.org.br</code> | |||
</blockquote> | |||
* issue the extra commands below to make sure the renewal is seen by Vidjil: | |||
<blockquote> | |||
<code>sudo cp /etc/letsencrypt/live/vidjil.boldrini.org.br/fullchain.pem /home/vidjil/code/2020-vidjil/docker/vidjil-client/ssl/fullchain.pem</code> | |||
<code>sudo cp /etc/letsencrypt/live/vidjil.boldrini.org.br/privkey.pem /home/vidjil/code/2020-vidjil/docker/vidjil-client/ssl/privkey.pem</code> | |||
</blockquote> | |||
* make sure file `privkey.pem` has permissions 0600 and owner `root` | |||
* do <code>docker-compose -f docker-compose-wrapper.yml up -d</code> to restart Vidjil. | |||
* visit <code>vidjil.boldrini.org.br</code> to confirm the new certificate in on. | |||
* mark on your calendar a date for the next renewal. | |||
Revision as of 11:41, 11 January 2024
Our Vidjil server certificates are provided by Let's Encrypt.
To renew the certificates:
- this operation must be done between 1 and 8 days before expiration.
- certified machine name:
vidjil.boldrini.org.br - go to the <docker-dir> and impersonate a super-user:
sudo su joao.m(<docker-dir> is currently/home/vidjil/code/2020-vidjil/docker). - do
docker-compose -f docker-compose-wrapper.yml downto prevent Vidjil from disturbing standalone verification. - renew the certificate:
sudo certbot certonly --standalone -d vidjil.boldrini.org.br
- issue the extra commands below to make sure the renewal is seen by Vidjil:
sudo cp /etc/letsencrypt/live/vidjil.boldrini.org.br/fullchain.pem /home/vidjil/code/2020-vidjil/docker/vidjil-client/ssl/fullchain.pem
sudo cp /etc/letsencrypt/live/vidjil.boldrini.org.br/privkey.pem /home/vidjil/code/2020-vidjil/docker/vidjil-client/ssl/privkey.pem
- make sure file `privkey.pem` has permissions 0600 and owner `root`
- do
docker-compose -f docker-compose-wrapper.yml up -dto restart Vidjil. - visit
vidjil.boldrini.org.brto confirm the new certificate in on. - mark on your calendar a date for the next renewal.