summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorvarac <varacanero@zeromail.org>2016-04-04 14:27:04 +0200
committervarac <varacanero@zeromail.org>2016-04-04 14:27:04 +0200
commit038e14f0a3e234c83e3b7c53a5d8e721de066142 (patch)
tree096f6d75c298d80587e233f77eca0f005c1103eb
parent29eca0e92952b5f6f199edeed0b84e52fec9de26 (diff)
improve letsencrypt howto
-rw-r--r--pages/docs/platform/guide/keys-and-certificates.md22
1 files changed, 16 insertions, 6 deletions
diff --git a/pages/docs/platform/guide/keys-and-certificates.md b/pages/docs/platform/guide/keys-and-certificates.md
index 327f8b0..bde2682 100644
--- a/pages/docs/platform/guide/keys-and-certificates.md
+++ b/pages/docs/platform/guide/keys-and-certificates.md
@@ -21,7 +21,7 @@ All of these files should be committed to source control.
If you rename, remove, or add a node with `leap node [mv|add|rm]` the SSH key files and the `known_hosts` file will get properly updated.
SSH and local nodes
------------------------------
+-------------------
Local nodes are run as Vagrant virtual machines. The `leap` command handles SSH slightly differently for these nodes.
@@ -236,13 +236,23 @@ Fetch the certs
server$ ./letsencrypt-auto certonly --standalone --email admin@$(hostname -d) -d $(hostname -d) -d api.$(hostname -d) -d $(hostname -f) -d nicknym.$(hostname -d)
-This will put the certs and keys into `/etc/letsencrypt/live/DOMAIN/`, from where they need to get copied over to your workstation's provider config directory.
+This will put the certs and keys into `/etc/letsencrypt/live/DOMAIN/`.
-The place where you need to put them in your provider config are:
+Now, go to your workstation's provider configuration directory and copy the newly create files from the server to your local config:
-- Certificate: `/etc/letsencrypt/live/DOMAIN/cert.pem` from the server to `files/cert/dev.pixelated-project.org.crt` in your provider config
-- Private key: `/etc/letsencrypt/live/DOMAIN/privkey.pem` from the server to `files/cert/DOMAIN.key` in your provider config
-- CA Chain cert: `/etc/letsencrypt/live/DOMAIN/fullchain.pem` `files/cert/commercial_ca.crt` in your provider config
+ workstation$ cd PATH_TO_PROVIDER_CONFIG
+
+Copy the Certificate
+
+ workstation$ scp root@SERVER:/etc/letsencrypt/live/DOMAIN/cert.pem files/cert/dev.pixelated-project.org.crt
+
+Copy the private key
+
+ workstation$ scp root@SERVER:/etc/letsencrypt/live/DOMAIN/privkey.pem files/cert/DOMAIN.key
+
+Copy the CA chain cert
+
+ workstation$ scp root@SERVER:/etc/letsencrypt/live/DOMAIN/fullchain.pem files/cert/DOMAIN.key
Deploy the certs
----------------