Yes, the cron job (cert-renew.sh) should be run daily/nightly by root, content:
cerbot renew
openssl pkcs12 -export -out /etc/letsencrypt/live/certificate.p12 -inkey /etc/letsencrypt/live/try.freemarker.apache.org/privkey.pem -in
/etc/letsencrypt/live/try.freemarker.apache.org/cert.pem
Saturday, May 19, 2018, 1:42:57 PM, Jacques Le Roux wrote:
> Inline...
>
> Le 19/05/2018 à 12:02, Daniel Dekany a écrit :
>> Saturday, May 19, 2018, 11:08:36 AM, Jacques Le Roux wrote:
>>
>>> Yes, the cron job (cert-renew.sh) should be run daily/nightly by root,
>>> content:
>>>
>>> cerbot renew
Saturday, May 19, 2018, 11:08:36 AM, Jacques Le Roux wrote:
> Yes, the cron job (cert-renew.sh) should be run daily/nightly by root,
> content:
>
> cerbot renew
> openssl pkcs12 -export -out /etc/letsencrypt/live/certificate.p12
> -inkey
Now https works, and only the cron job and documenting things on the
cwiki is missing (the copy-paste cron script mostly, I guess).
Thursday, May 17, 2018, 7:47:20 PM, Daniel Dekany wrote:
> Thursday, May 17, 2018, 3:05:02 PM, Jacques Le Roux wrote:
>
>> Le 17/05/2018 à 09:04, Jacques Le Roux a
Le 19/05/2018 à 14:16, Daniel Dekany a écrit :
I thinkhttps://svn.apache.org/repos/private/pmc/freemarker better fits for all
private things
For instance the cron job copy and all the rest. And simply refer to private
things from the wiki
For try.freemarker these security things doesn't
Le 19/05/2018 à 12:04, Daniel Dekany a écrit :
Saturday, May 19, 2018, 11:53:04 AM, Jacques Le Roux wrote:
Ah, not a big deal, but should we not restrict read (640) on
/opt/fmonlinetester/etc/freemarker-online.yml ?
It contains the cert secret key...
Sure, go ahead.
Done, I have also