NEWCERT

Process we use for renewing certificates


tags

documentation
plan9
safe
technology
white

process compiled from the excellent guides below.this process is predecated on already having done some legwork on the initial setup(from the guides below) which is not repeated as it's no longer needed.


First on linux machine run: Certbot certonly --manual -d Cybersavior.dev -d *.Cybersavior.dev Follow the certification process until the challenge requiring adding to .wellknown in http server. Drawterm into Temuorin Reboot Temuorin to take ip/httpd/httpd down That this works it not ideal, it should be setup as a service, but I have had issues making that work and in this specific case it's good, because the challenge requires http, but .dev domains require https normally so I don't run http at all normally. Killing nobody processes is annoying so reboot is easier in my opinion Once Temuorin comes up run Ip/httpd/httpd then add the challenge file to /usr/www Finish challenge process after verifying it can be wget-ed in linux Open a sudo drawterm into myugii Cd /sys/lib/tls/ Cp /mnt/term/etc/letsencrypt/live/Cybersavior.dev/privkey.pem ./ Cp /mnt/term/etc/letsencrypt/live/Cybersavior.dev/fullchain.pem ./cert Rm key Auth/pemdecode 'PRIVATE KEY' privkey.pem | auth/asn12rsa -t 'service=tls role=client' > key Rm privkey.pem Chmod 400 key Reboot (i don't think it's strictly necessary, but I wanna make sure the new key is being used and this is all working proper) We no longer need the sudo drawterm for myugii Then back to Temuorin to start httpd Ip/httpd/httpd -c /sys/lib/tls/cert -C /sys/lib/tls/cert .

additional links

plan9 lets encrypt guide (rc-httpd)
9grid https guide (httpd)

incoming references

INDEX
META