welcome: please sign in

The following 241 words could not be found in the dictionary of 7 words (including 7 LocalSpellingWords) and are highlighted below:
about   above   accessible   acme   adapt   Add   administrators   admins   afs   all   allowed   already   also   and   apache2   are   as   At   bash   bashrc   before   below   but   by   can   cd   cer   cert   certificate   certification   certs   clear   client   clone   com   command   complain   config   construction   Contents   context   Copy   correct   create   crontab   Customize   default   describes   different   directory   do   doesn   Dom   dom   Domain   domtool   Download   each   echo   enable   end   ending   enough   ensure   env   environment   etc   even   example   Existing   expects   extension   few   fi   Fields   file   files   filled   fine   First   follow   following   For   for   from   fs   Generate   generate   git   github   have   hcoop   help   how   html   http   https   if   If   in   In   install   installation   instructions   is   issue   it   keep   key   know   le   Le   letsencrypt   lines   ll   load   log   may   Maybe   members   message   modified   more   must   need   Neilpang   net   new   next   not   note   Of   of   on   once   one   only   Open   operations   optional   or   out   own   page   path   pem   permission   permissions   portal   precautions   Precautions   print   private   probably   profile   public   publicly   pure   re   read   Read   recommended   reconnect   redirect   redirecting   remain   renew   replace   request   Request   rewrite   Rule   Run   run   sa   section   Security   See   Send   session   set   Set   setup   setups   sh   Simplest   Since   skip   source   ssh   ssl   steps   Subdomain   subdomain   system   Table   take   temp   that   The   the   them   then   Then   these   These   third   This   this   time   to   Tool   touch   traffic   tweaks   under   Under   up   Update   use   using   versions   want   warning   web   website   whenever   where   wiki   will   wish   With   with   without   write   written   www   You   you   your   Your  

Clear message
Edit

MemberManual / ServingWebsites / SslCert / LetsEncrypt

This page describes how to enable ssl using letsencrypt for example.com. ssh to ssh.hcoop.net, then follow the instructions below

1. First time setup

At the end of these steps, you'll have a certificate for www.example.com. If you want to use a different subdomain (example.com, git.example.com, etc), you'll follow modified versions of these steps in section 2.

1.1. Set up your new website with http

echo 'dom "example.com" with end;' > ~/.domtool/example.com

1.2. Set up your environment

These steps are recommended but optional. If you skip them, you'll need to run source ~/.le/le.env each time before you generate certs.

The hcoop environment doesn't use a .bashrc file by default, but le expects one. First create the file

touch ~/.bashrc

Then load it in each new session. Add the following lines to ~/.bash_profile

if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

1.3. Download and install `le`

Le is a letsencrypt client written in pure bash. The third command may complain that you are not allowed to use crontab. This is fine.

git clone https://github.com/Neilpang/le.git
cd le
./acme.sh --install

Security Precautions

Since afs is publicly accessible, you need to take a few precautions to ensure that your certificate and private key remain private. For all key operations, keep the files in a directory that only you and the admins can read.

Set the correct permissions:

fs sa ~/.acme.sh -clear YOUR_USERNAME all system:administrators all

You'll have to do this once, or you can log out and reconnect (if you set up your .bashrc):

source ~/.acme.sh/acme.sh.env

1.4. Generate the cert

Run

acme.sh --issue -d example.com -w ~/public_html/

At the end, it will print a message, Your cert is in and then a path to a file ending in .cer.

Copy this path without the .cer extension. In the next section, replace $FILE with this path.

1.5. Request cert installation from hcoop admins

Send a SSL certificate permission request. Fields are filled out with:

Subdomain: www

Domain: example.com

OpenSSL certificate: $FILE.cer $FILE.key

See section above for context.

You must also request certification installation whenever you renew the certificate.

1.6. Update domtool config to use SSL

Customize your config file as you wish. Simplest example config, redirecting all traffic to https:

dom "example.com" where
  SSL = use_cert "/etc/apache2/ssl/YOUR_USERNAME/www.example.com.pem"
with
  web "www" with
    rewriteRule "^(.*)$" "https://www.example.com$1" [redirectWith temp]
  end;
end;

Read more DomTool

2. Existing setups & tweaks

Under construction

This section is under construction.

If you're already set up, you probably know enough that you can adapt the steps above to your setup on your own. Maybe you can even help write this section!

MemberManual/ServingWebsites/SslCert/LetsEncrypt (last edited 2019-05-25 23:19:04 by ClintonEbadi)