diff --git a/letsencrypt/README.md b/letsencrypt/README.md index 40c55ad..5af69dd 100644 --- a/letsencrypt/README.md +++ b/letsencrypt/README.md @@ -17,16 +17,16 @@ Assumptions: To update the certificate modify the list of domain arguments (`-d foo.com`) below and use the following process: -1. Acquire the list of domains the **current certificate** is responsible for formatted as arguments to `certbot`: +1) Acquire the list of domains the **current certificate** is responsible for formatted as arguments to `certbot`: ``` openssl x509 -in /etc/haproxy/certs/git.services.wit.com.pem -noout -text \ | grep DNS: \ | sed -e 's/^\s*//' -e 's/DNS:/ -d /g' -e 's/, / \\\n/g' ``` -2. Visually inspect the list to ensure the list looks correct. Ensure that the original certs common name is covered. +2) Visually inspect the list to ensure the list looks correct. Ensure that the original certs common name is covered. -3. Run certbot, naming the **git.services.wit.com** cert as the one to be updated, and providing the **full list of domains the cert covers** +3) Run certbot, naming the **git.services.wit.com** cert as the one to be updated, and providing the **full list of domains the cert covers** ``` certbot certonly \ @@ -43,12 +43,12 @@ certbot certonly \ At this point you should see certbot making a number of challenges (domain ownership verifications), and then a "**Congratulations!**" message telling you the certs have been updated. -4. Backup the current certificate: +4) Backup the current certificate: ``` cp /etc/haproxy/certs/git.services.wit.com{,.bak.$(date +%s)} ``` -5. Combine the certificate chain and the private key. HAProxy requires a full certificate chain+key for its SSL configuration: +5) Combine the certificate chain and the private key. HAProxy requires a full certificate chain+key for its SSL configuration: ``` cat /etc/letsencrypt/live/git.services.wit.com/fullchain.pem \ 
@@ -56,9 +56,9 @@ cat /etc/letsencrypt/live/git.services.wit.com/fullchain.pem \ > /etc/haproxy/certs/git.services.wit.com.pem` ``` -6. Reload HAproxy +6) Reload HAproxy ``` service haproxy reload ``` -7. Test both that your new service is accepting SSL connections, as well as existing services **remain** accepting SSL connections. +7) Test both that your new service is accepting SSL connections, as well as existing services **remain** accepting SSL connections.
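Review bot: In the first hunk (steps 1 to 3), the switch from `1.` to `1)` is not explained, and `N)` is only an ordered-list marker in CommonMark-style renderers. Renderers that follow the original Markdown syntax accept only `N.` and will show these steps as plain paragraphs. If the intent is to stop the numbering from restarting after each unindented code fence, say so in the commit message, or indent the fences under their list item and keep `N.`. While these lines are being touched, "original certs common name" in step 2 should read "original cert's common name". The `sed` expression in step 1 also relies on `\s`, a GNU extension, so the README should note that it assumes GNU sed.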
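Review bot: In the second hunk, the backup command under step 4 copies `/etc/haproxy/certs/git.services.wit.com` without the `.pem` suffix, while step 1 reads `/etc/haproxy/certs/git.services.wit.com.pem` and step 5 overwrites it. As written, the file about to be replaced is not the one being backed up, so there is nothing to roll back to if step 5 goes wrong. Suggest `cp -p /etc/haproxy/certs/git.services.wit.com.pem{,.bak.$(date +%s)}`. The `-p` keeps the original's mode and ownership, which matters because step 5 says this file holds the private key along with the chain. The step heading should also read "Back up" (verb) rather than "Backup".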
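Review bot: In the third hunk, the leading context line that redirects step 5's `cat` output has a stray backtick right after `git.services.wit.com.pem`, just before the closing fence. Pasted into a shell, that opens an unterminated command substitution, so the combined chain+key file is not written as intended. Since this patch already edits the neighbouring lines, drop the backtick here. Step 6 spells the name "HAproxy" where step 5 uses "HAProxy"; pick one. Step 7 would read more clearly as "Test that your new service accepts SSL connections and that existing services still accept them".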