author | Pedro Alvarez Piedehierro <palvarez89@gmail.com> | 2017-05-21 23:56:15 +0000 |
---|---|---|
committer | Pedro Alvarez Piedehierro <palvarez89@gmail.com> | 2017-05-21 23:56:15 +0000 |
commit | 010aaeedfed6d1bdad723af565276e74d0ad0711 (patch) | |
tree | 667681ef6c81cb8b6623fb6a6dcba364f5ba5cfa /README.mdwn | |
parent | 9ea4b18fff0ad4d50a690c6f18145bf360080891 (diff) | |
parent | fb589dbd3b98e73e880377624ffe7b594db9c5c4 (diff) | |
download | infrastructure-010aaeedfed6d1bdad723af565276e74d0ad0711.tar.gz |
Merge branch 'pedro/ssl-may-2017' into 'master'
Pedro/ssl may 2017
See merge request !1
Diffstat (limited to 'README.mdwn')
-rw-r--r-- | README.mdwn | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/README.mdwn b/README.mdwn index 7285511d..d4ae09b6 100644 --- a/README.mdwn +++ b/README.mdwn @@ -809,9 +809,10 @@ Generation of certificates > Note: This should be automated in the next upgrade. The instructions > sound like a lot of effort -To generate the SSL certs, first you need to clone the following repository: +To generate the SSL certs, first you need to clone the following repositories: git clone https://github.com/lukas2511/letsencrypt.sh.git + git clone https://github.com/mythic-beasts/letsencrypt-mythic-dns01.git The version used the first time was `0.4.0` with sha `116386486b3749e4c5e1b4da35904f30f8b2749b`, (just in case future releases break these instructions) @@ -827,6 +828,14 @@ of the subdomains: git.baserock.org EOF +And the `config` file needed: + + cat >config <<'EOF' + CONTACT_EMAIL="admin@baserock.org" + HOOK="../letsencrypt-mythic-dns01/letsencrypt-mythic-dns01.sh" + CHALLENGETYPE="dns-01" + EOF + Create a `dnsapi.config.txt` with the contents of `private/dnsapi.config.txt` decrypted. To show the contents of this file, run the following in a `infrastructure.git` repo checkout. @@ -838,6 +847,8 @@ Now, to generate the certs, run: ./dehydrated -c +> If this is the first time, you will get asked to run +> `./dehydrated --register --accept-terms` In the `certs` folder you will have all the certificates generated. To construct the certificates that are present in `certs` and `private` you will have to: 
@@ -846,7 +857,7 @@ certificates that are present in `certs` and `private` you will have to: mkdir -p tmp/private tmp/certs # Create some full certs including key for some services that need it this way - cat git.baserock.org/cert.csr git.baserock.org/cert.pem chain.pem git.baserock.org/privkey.pem > tmp/private/git-with-key.pem + cat git.baserock.org/cert.csr git.baserock.org/cert.pem git.baserock.org/chain.pem git.baserock.org/privkey.pem > tmp/private/git-with-key.pem cat irclogs.baserock.org/cert.csr irclogs.baserock.org/cert.pem irclogs.baserock.org/chain.pem irclogs.baserock.org/privkey.pem > tmp/private/frontend-with-key.pem # Copy key files @@ -876,6 +887,11 @@ keys (located in `private` folder): ansible-vault encrypt tmp/private/* +And copy them to the repo: + + cp tmp/certs/* ../../certs/ + cp tmp/private/* ../../private/ + Deploy certificates ------------------- |
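Review bot: In the first hunk (`@@ -809,9 +809,10 @@`), the added `git clone https://github.com/mythic-beasts/letsencrypt-mythic-dns01.git` records no known-good revision, while the context lines directly below pin letsencrypt.sh to version `0.4.0` and a sha. The new repository supplies the script that the later `HOOK=` setting tells dehydrated to execute, so it deserves the same treatment: note the commit that was used for this renewal and add a `git checkout <sha>` step for both clones, so a later upstream change cannot silently alter what runs during certificate generation.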
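Review bot: In the second hunk (`@@ -827,6 +828,14 @@`), `HOOK="../letsencrypt-mythic-dns01/letsencrypt-mythic-dns01.sh"` is a relative path, and the README never says which directory the `config` heredoc and the later `./dehydrated -c` are run from. It only resolves if the two repositories were cloned side by side and the commands are run from inside the letsencrypt.sh checkout. Add an explicit `cd letsencrypt.sh` before the heredocs, or state the expected layout next to the `HOOK` line, so a wrong working directory does not cause the hook lookup to fail or pick up a different script.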
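Review bot: In the third hunk (`@@ -838,6 +847,8 @@`), the added note says the user "will get asked to run" `./dehydrated --register --accept-terms` but does not say that `./dehydrated -c` has to be run again afterwards, so the sequence reads as if registration also produces the certificates. Suggest wording it as an ordered step: register first if this is a fresh checkout, then re-run `./dehydrated -c`. It would also help to say which terms are being accepted, since the flag accepts them on behalf of `admin@baserock.org` from the new `config` file.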
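Review bot: In the fourth hunk (`@@ -846,7 +857,7 @@`), the corrected `cat ... git.baserock.org/privkey.pem > tmp/private/git-with-key.pem` line still writes an unencrypted private key into a directory created by the plain `mkdir -p tmp/private tmp/certs` above it, so the file gets whatever permissions the caller's umask allows until the later `ansible-vault encrypt` step. Consider adding `umask 077` before the `mkdir`, or a `chmod 700 tmp/private`, to the instructions. Separately, the bundle starts with `cert.csr`; if the consuming services only need certificate, chain and key, dropping the CSR from both `cat` lines would make the bundles easier to reason about.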
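Review bot: In the last hunk (`@@ -876,6 +887,11 @@`), `cp tmp/private/* ../../private/` copies whatever is in `tmp/private` into the repository with no check that the preceding `ansible-vault encrypt tmp/private/*` actually ran and succeeded. If that step is skipped or fails, plaintext keys end up staged for commit. Suggest adding a verification step before the copy, for example confirming that every file in `tmp/private` begins with the `$ANSIBLE_VAULT` header, and documenting the directory the `../../` paths are relative to. A closing cleanup step that removes `tmp/` and the decrypted `dnsapi.config.txt` created earlier would also be worth adding here.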