path: root/issues/systems/letsencrypt.gmi
blob: 58cd6fd13058931f63e859bb6d9ddb9815014c1a (plain)
# Letsencrypt

## Tags

* assigned: pjotr
* type: bug
* priority: critical
* status: open

## Tasks

* [ ] gn2-zach
* [ ] gn2-test
* [ ] production
* [X] letsencrypt is failing on P2 and Tux01 (expiry Nov12)
  - letsencrypt was down
* [X] ucscbrowser needs a certificate (now forwards http -> https)

## Notes

### Reopen

I reopened the task to migrate production to https fully. Started with gn2-zach's testing
instance and redirected http -> https with letsencrypt. Errors in the browser console show that
the menu loader is hard coded, for example:

```
Blocked loading mixed active content “http://gn2-zach.genenetwork.org/api4//menu/generate/json”
```

That needs to be updated in settings.

See also

=> ../redirect-http-to-https.gmi
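
One way to find the remaining hard-coded http:// URLs before the redirect is switched on for the other hosts. This is an added example, not code from the GeneNetwork repositories; the function name, the setting names and all sample values except the menu URL from the console error are assumptions.

```python
import re
from urllib.parse import urlsplit

# Absolute http:// URLs; a match ends at whitespace, quotes, brackets or parentheses.
HTTP_URL = re.compile(r"""http://[^\s"'<>()]+""")


def find_hardcoded_http(text, domain):
    """Return (line_no, url, https_url) for every http:// URL on `domain`.

    https_url is None when the URL carries an explicit port: the service on
    that port may not speak TLS, so the replacement needs a manual decision.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for match in HTTP_URL.finditer(line):
            url = match.group(0).rstrip(".,;")
            parts = urlsplit(url)
            host = (parts.hostname or "").lower()
            if host != domain and not host.endswith("." + domain):
                continue  # localhost, XML namespaces, third parties: not ours
            has_port = ":" in parts.netloc.rsplit("@", 1)[-1]
            https_url = None if has_port else "https://" + url[len("http://"):]
            findings.append((line_no, url, https_url))
    return findings


# Constructed sample settings; only the menu URL is taken from the console error.
SAMPLE_SETTINGS = '''\
GN2_BASE_URL = "http://gn2-zach.genenetwork.org/"
MENU_URL = "http://gn2-zach.genenetwork.org/api4//menu/generate/json"
SVG_NS = "http://www.w3.org/2000/svg"
BACKEND_URL = "http://localhost:8880/"
TEST_URL = "http://gn2-test.genenetwork.org:5010/"
HELP_URL = "https://genenetwork.org/help"
'''

if __name__ == "__main__":
    for line_no, url, https_url in find_hardcoded_http(SAMPLE_SETTINGS, "genenetwork.org"):
        print(f"line {line_no}: {url} -> {https_url or 'explicit port, review by hand'}")
```

Namespace identifiers such as the SVG one are skipped because the browser never fetches them, so they do not trigger mixed-content blocking.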

### gn2-test

I also added a path to tux02 with gn2-test.genenetwork.org at
port 5010 for testing.

### Setup

```
certbot --nginx -d host.genenetwork.org
```

```
certbot renew --dry-run
```

CRON, for example

```
22 4 * * 3 sheepdog_run.rb -c '/usr/bin/certbot renew --quiet' --always --tag CERTBOT >> ~/cron.log 2>&1
```

Add certificate

```
certbot certonly --nginx --agree-tos --preferred-challenges http -d ucscbrowser.genenetwork.org --register-unsafely-without-email
```