Changes

Jump to navigation Jump to search
766 bytes added ,  10:01, 5 October 2020
Line 1: Line 1: −
{{Languages}}
+
{{Languages|Letsencrypt}}
 
{{Level|Medium}}
 
{{Level|Medium}}
 
==Introduction==
 
==Introduction==
Line 197: Line 197:     
If it prints only "# INFO: Using main config file /etc/dehydrated/config" and returns you to the shell prompt, see [[Bugzilla:10300]].
 
If it prints only "# INFO: Using main config file /etc/dehydrated/config" and returns you to the shell prompt, see [[Bugzilla:10300]].
 +
 +
{{Note box|Solution for error "Malformed account ID in KeyID header URL" using API 2, for contrib versions 0.6.13 or older See [[Bugzilla:10828]] or update to latest contrib}}
    
If this runs without errors, try to connect to your server-manager page.  You should see an error that the security certificate wasn't issued by a trusted certification authority; this is perfectly normal.  However, there should be a certificate, it should include all the hostnames you wanted included, and it should be valid for the next ninety days.  If this was successful, proceed to production.
 
If this runs without errors, try to connect to your server-manager page.  You should see an error that the security certificate wasn't issued by a trusted certification authority; this is perfectly normal.  However, there should be a certificate, it should include all the hostnames you wanted included, and it should be valid for the next ninety days.  If this was successful, proceed to production.
Line 369: Line 371:     
Once you've made these changes, do:
 
Once you've made these changes, do:
 +
signal-event post-upgrade
 +
signal-event reboot
 +
 +
Also see
 +
 +
https://wiki.contribs.org/Useful_Commands#How_to_simply_recreate_the_certificate_for_SME_Server
 +
 +
rm /home/e-smith/ssl.{crt,key,pem}/*
 +
config delprop modSSL CommonName
 +
config delprop modSSL crt
 +
config delprop modSSL key
 
  signal-event post-upgrade
 
  signal-event post-upgrade
 
  signal-event reboot
 
  signal-event reboot
Line 515: Line 528:  
===Obtaining certificates for other servers===
 
===Obtaining certificates for other servers===
 
The dehydrated client can be used to obtain certificates for other servers on your network, if the hostnames resolve (from outside your network) to your SME Server.  Here's how to do this using the smeserver-letsencrypt contrib.
 
The dehydrated client can be used to obtain certificates for other servers on your network, if the hostnames resolve (from outside your network) to your SME Server.  Here's how to do this using the smeserver-letsencrypt contrib.
 +
 +
====Hosts and Domains====
 +
{{Note box| This section is not necessary as far as I am aware. You should just be able to set a host with "HostType local" and an InternalIP address as letsencryptSSLcert enabled and then regenerate domains.txt}}
    
You'll need to create two template fragments: one to add your hostname to /etc/dehydrated/domains.txt, and the second to handle the certificate once it's generated.  To create the first, do
 
You'll need to create two template fragments: one to add your hostname to /etc/dehydrated/domains.txt, and the second to handle the certificate once it's generated.  To create the first, do
Line 526: Line 542:     
Then Ctrl-X to exit, Y to save.
 
Then Ctrl-X to exit, Y to save.
 +
 +
====Hook Script deployment====
    
The second template fragment will be a portion of the hook script, so the dehydrated client knows what to do with this certificate.  This must be present, otherwise dehydrated will configure your SME server to use this certificate rather than the certificate for the SME Server.
 
The second template fragment will be a portion of the hook script, so the dehydrated client knows what to do with this certificate.  This must be present, otherwise dehydrated will configure your SME server to use this certificate rather than the certificate for the SME Server.
Line 647: Line 665:  
{{#smechangelog:smeserver-letsencrypt}}
 
{{#smechangelog:smeserver-letsencrypt}}
    +
[[Category:Contrib]]
 
[[Category:Howto]]  
 
[[Category:Howto]]  
 
[[Category:Security]]
 
[[Category:Security]]
 
[[Category: Administration:Certificates]]
 
[[Category: Administration:Certificates]]

Navigation menu