commit ec9418f3159308710a9ec67514ed72d26a241871
parent 5a8bf05e5558d2949aec22be936e14a73aa45b5b
Author: ugrnm <ugrnm@web>
Date: Tue, 10 Sep 2024 18:05:30 +0200

config notes about eik

Diffstat:
| A | eik.mdwn | | | 30 | ++++++++++++++++++++++++++++++ |
1 file changed, 30 insertions(+), 0 deletions(-)
diff --git a/eik.mdwn b/eik.mdwn @@ -0,0 +1,30 @@ +Notes regarding `eik` + +http certs +---------- + +We leave the visitor the option to `http` or `https`. This is done in `nginx` with only the following instructions in each `site-enabled` config: + + listen 80; + listen 443 ssl; + +We use `acme.sh` for handling certs, however expanding certs with new domain is still not supported. The workaround is to recreate a whole new cert with all the domains. For instance: + + acme.sh --issue --nginx \ + -d eik.permacomputing.net \ + -d top.permacomputing.net \ + -d bbs.permacomputing.net \ + -d newdomain.permacomputing.net + acme.sh --install-cert \ + -d eik.permacomputing.net \ + -d top.permacomputing.net \ + -d bbs.permacomputing.net \ + -d newdomain.permacomputing.net \ + --key-file /etc/nginx/certs/key.pem \ + --fullchain-file /etc/nginx/certs/cert.pem \ + --reloadcmd "systemctl force-reload nginx" + +Our `acme.sh` makes use of letsencrypt CA servers, as the default one from ZeroSSL keeps on being fussy. The setting was changes like this: + + acme.sh --set-default-ca --server letsencrypt +
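Review bot: In the re-issue example the full `-d` list is typed out twice, once for `acme.sh --issue` and once for `acme.sh --install-cert`. Since the workaround replaces the whole certificate, a name left off the `--issue` line drops out of the new cert while nginx keeps serving that site on 443. Consider saying where the canonical domain list is kept, and adding a step to inspect the subject alternative names of `/etc/nginx/certs/cert.pem` after the reload. The notes also install the private key to `/etc/nginx/certs/key.pem` without stating the expected owner and mode of that file; one line on that would make the procedure safe to repeat from these notes alone. Two small wording points: `site-enabled` is probably meant to be `sites-enabled`, and "The setting was changes like this" should read "was changed".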