jcarr
/
wit-letsencrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix numbering for Gogs vs Github flavored markdown

This commit is contained in:
Tim Sogard 2018-05-09 22:29:41 -04:00
parent 8531f1aebd
commit 88adb9e381
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
letsencrypt/README.md
View File

@ -17,16 +17,16 @@ Assumptions:
To update the certificate modify the list of domain arguments (`-d foo.com`) below and use the following process:
1. Acquire the list of domains the **current certificate** is responsible for formatted as arguments to `certbot`:
1) Acquire the list of domains the **current certificate** is responsible for formatted as arguments to `certbot`:
```
openssl x509 -in /etc/haproxy/certs/git.services.wit.com.pem -noout -text \
| grep DNS: \
| sed -e 's/^\s*//' -e 's/DNS:/ -d /g' -e 's/, / \\\n/g'
```
2. Visually inspect the list to ensure the list looks correct. Ensure that the original certs common name is covered.
2) Visually inspect the list to ensure the list looks correct. Ensure that the original certs common name is covered.
3. Run certbot, naming the **git.services.wit.com** cert as the one to be updated, and providing the **full list of domains the cert covers**
3) Run certbot, naming the **git.services.wit.com** cert as the one to be updated, and providing the **full list of domains the cert covers**
```
certbot certonly \
@ -43,12 +43,12 @@ certbot certonly \
At this point you should see certbot making a number of challenges (domain ownership verifications), and then a "**Congratulations!**" message telling you the certs have been updated.
4. Backup the current certificate:
4) Backup the current certificate:
```
cp /etc/haproxy/certs/git.services.wit.com{,.bak.$(date +%s)}
```
5. Combine the certificate chain and the private key. HAProxy requires a full certificate chain+key for its SSL configuration:
5) Combine the certificate chain and the private key. HAProxy requires a full certificate chain+key for its SSL configuration:
```
cat /etc/letsencrypt/live/git.services.wit.com/fullchain.pem \
@ -56,9 +56,9 @@ cat /etc/letsencrypt/live/git.services.wit.com/fullchain.pem \
> /etc/haproxy/certs/git.services.wit.com.pem`
```
6. Reload HAproxy
6) Reload HAproxy
```
service haproxy reload
```
7. Test both that your new service is accepting SSL connections, as well as existing services **remain** accepting SSL connections.
7) Test both that your new service is accepting SSL connections, as well as existing services **remain** accepting SSL connections.