Talk:Main Page
Jump to navigation
Jump to search
Other sites to absorb
Thunder Bay Band Wiki http://www.bandwiki.ca/mediawiki/index.php5?title=User:Tjernobyl
Ultimate goal: a building-by-building, year-by-year google earth simulation of Thunder Bay's evolution from forest to city.
Ultimate goal: every business and person in Thunder Bay, with a biography and cross-referenced, with greater priority to the older businesses and people.
Renewing the certbot HTTPS
sudo ./certbot-auto --apache # (Remember to enter 1, then 2 in the menu choices.) sudo service apache2 stop sudo service apache2 start
Add HTTPS to Curriepedia!
sudo apt-get remove certbot cd ~ sudo wget https://dl.eff.org/certbot-auto sudo chmod a+x certbot-auto sudo ./certbot-auto --apache
# choose this option: # 2: Redirect - Make all requests redirect to secure HTTPS access. sudo service apache2 restart
# Automating renewal after 15 June 2019: # From Here: https://certbot.eff.org/lets-encrypt/debianjessie-apache crontab -e
# paste this to the bottom: 0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && sudo ~/.certbot-auto renew
However, the above renew command doesn't seem to work. The explicit commands to renew were:
~/./certbot-auto renew sudo systemctl reload apache2
But if we analyze the result:
https://www.ssllabs.com/ssltest/analyze.html?d=curriepedia.org
We see it didn't work.
Details of renewing HTTPS
The correct way to renew, it seems, is to run:
sudo ./certbot-auto --apache
Here is the output if we run that command instead:
We were unable to find a vhost with a ServerName or Address of curriepedia.org. Which virtual host would you like to choose? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: adminer.conf | | HTTPS | Enabled 2: mediawiki.conf | | | Enabled 3: mediawiki.conf | | HTTPS | Enabled - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3 Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/mediawiki.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://curriepedia.org You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=curriepedia.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/curriepedia.org/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/curriepedia.org/privkey.pem Your cert will expire on 2019-06-15. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le