# Letsencrypt

## Tags

* assigned: pjotr
* type: bug
* priority: critical
* status: open

## Tasks

* [ ] gn2-zach
* [ ] gn2-test
* [ ] production
* [X] letsencrypt is failing on P2 and Tux01 (expiry Nov12)
  - letsencrypt was down
* [X] ucscbrowser needs a certificate (now forwards http -> https)

## Notes

### Reopen

I reopened the task to migrate production to https fully. Started with gn2-zach's testing
instance and redirected http -> https with letsencrypt. Errors show in browser console that
the menu loader is hard coded, for example.

```
Blocked loading mixed active content “http://gn2-zach.genenetwork.org/api4//menu/generate/json”
```

That needs to be updated in settings.

See also

=> ../redirect-http-to-https.gmi

### gn2-test

I also added a path to tux02 with gn2-test.genenetwork.org at
port 5010 for testing.

### Setup

```
certbot --nginx -d host.genenetwork.org
```

```
certbot renew --dry-run
```

CRON, for example

```
22 4 * * 3 sheepdog_run.rb -c '/usr/bin/certbot renew --quiet' --always --tag CERTBOT >> ~/cron.log 2>&1
```

Add certificate

```
certbot certonly --nginx --agree-tos --preferred-challenges http -d ucscbrowser.genenetwork.org --register-unsafely-without-email
```