blob: ef32ab3bf167d344198fcc6f4852b7302dd0c97a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
# Letsencrypt
## Tags
* assigned: pjotr
* type: bug
* priority: critical
* status: open
## Tasks
* [ ] gn2-zach
* [ ] production
* [X] letsencrypt is failing on P2 and Tux01 (expiry Nov12)
- letsencrypt was down
* [X] ucscbrowser needs a certificate (now forwards http -> https)
## Notes
### Reopen
I reopened the task to migrate production to https fully. Started with gn2-zach's testing
instance and redirected http -> https with letsencrypt. Errors show in browser console that
the menu loader is hard coded, for example.
```
Blocked loading mixed active content “http://gn2-zach.genenetwork.org/api4//menu/generate/json”
```
That needs to be updated in settings.
See also
=> ../redirect-http-to-https.gmi
### Setup
```
certbot --nginx -d host.genenetwork.org
```
```
certbot renew --dry-run
```
CRON, for example
```
22 4 * * 3 sheepdog_run.rb -c '/usr/bin/certbot renew --quiet' --always --tag CERTBOT >> ~/cron.log 2>&1
```
Add certificate
```
certbot certonly --nginx --agree-tos --preferred-challenges http -d ucscbrowser.genenetwork.org --register-unsafely-without-email
```
|
