ssl-certificates-with-lets-encrypt.muse

#pubdate 2017-11-26 13:13:52 +0100
#title SSL certificates
#lang en
#topics howto, doc
#teaser Automatically retrieve Let's encrypt certificates

By default, during the installation a self-signed certificate is
created. This should be good enough to get you started.

You can set the path to the key and certificate in the admin console,
if you already have them.

If you don't have the certificate, you can request a free, valid, and
hassle-free certificate from Let's Encrypt, turning on the option in
the admin console.

Once enabled, the LE certificates will be checked by the amusewiki
daemon once a day, and renewed automatically if needed (a month before
the expiration). The problem is that you still have to reload the
webserver for the new certificates to pick up. If the logger is
sending you mail, you should see the warning.

Anyway, the debian package installs a cronjob in =/etc/cron.daily= to
reload nginx once a day to avoid the need to login and reload
manually. You should do the same. See =debian/amusewiki.cron.daily=

Procedure to create a site with SSL certificates using Let's Encrypt:

First, login in the admin and create the site.

**Edit the site and check the Let's Encrypt option on**.

Reload the webserver as per instructions.

{{{
  # this will print out the instruction to update the webserver conf
  script/amusewiki-generate-nginx-conf

  # update the nginx config as per instructions given by the above command.

  # this will fetch the certificates
  script/amusewiki-letsencrypt

  # Refresh the configuration to actually use the certificates.
  script/amusewiki-generate-nginx-conf 
}}}


If you installed amusewiki with a Debian package, the commands executed by root are:

{{{
# amusewiki generate-nginx-conf
# amusewiki letsencrypt
# amusewiki generate-nginx-conf 
}}}

(Same thing as above, but using the =amusewiki= executable, which is the correct thing to do on Debian).