Jacques Le Roux created OFBIZ-7928:
--------------------------------------
Summary: Use "Let's encrypt" for OFBiz demos SSL/TLS certificates
Key: OFBIZ-7928
URL: https://issues.apache.org/jira/browse/OFBIZ-7928
Project: OFBiz
Issue Type: Task
Reporter: Jacques Le Roux
Assignee: Jacques Le Roux
This is a transtion from INFRA-11960
{quote}
After some tries, I have finally decided to adapt and use
http://blog.ivantichy.cz/blogpost/view/74 which is the most convenient way for
OFBiz
Since we need to use SANs (for demo-trunk-ofbiz.apache.org,
demo-stable-ofbiz.apache.org and demo-old-ofbiz.apache.org which are actually
OFBiz instances using different set of ports), I will try to use "-d
ofbiz-vm.apache.org" as 1st "-d" argument and if that does not work I'll simply
use the "-d" parameter with the other sub-domains only. What I actually need is
a renewable certificate in the OFBiz Java keystore (ofbiz.jks) with the SANs
present. From my experiences, the (adapted) script above should provide me that.
{quote}
Maybe another possibility would be to install our own HTTPS and use the
instructions provided by Sam Ruby in INFRA-11960. I have to balance the work
with adapting the script I refered to above.
{quote}
The EFF has published new instructions:
https://certbot.eff.org/#ubuntutrusty-apache
FWIW, I had no problem moving from whimy-vm2 to whimsy-vm3. I've now got certs
for a second machine (ghmon-vm). Here's the puppet instructions to download
certbot, create a cronjob, and add use the certificates with Apache httpd:
https://github.com/apache/infrastructure-puppet/pull/107/commits/8fea8223f398a77e67173c1b0c1b06b80fe576b0
Once this is deployed, all that is left is running a single command:
certbot-auto -d host1.apache.org -d host2.apache.org... and answering two
prompts (you need to provide an email address and to indicate that you have
read the terms of service).
{quote}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
