[–]portcity[S] 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (14 children)

/home/reddit/src/reddit/r2/development.update

Really admire your commitment to these principles. Here is the development.update file: https://pastebin.com/7ErubFaD And here is the nginx: https://pastebin.com/5Z3Suycu So grateful to you!

[–]d3rr 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (13 children)

I thought that respecting "free speech" was a widely shared principle, but after a couple of years of Trump everyone is dropping like flies. Anyway...

Your development.update looks good as far as SSL and your domain name. For nginx, we need to update the paths to your SSL cert (in /etc/nginx/sites-available/reddit-ssl) and then restart nginx.

So change:

ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

To something like this, depending on where your cert ended up. Certbot prints where it is at the end, but it's probably:

ssl_certificate /etc/letsencrypt/live/portcity.online/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/portcity.online/privkey.pem;

And then run the old

$ sudo service nginx restart

[–]portcity[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (12 children)

I tried to run certbot again and got the following errors: https://pastebin.com/50NdbGTn

So then I decided to change the lines you listed above in /etc/nginx/sites-available/reddit-ssl and I got these errors: https://pastebin.com/KHPT94z7

As for this recent era in free speech ... I can't get over how the Trump people are both destroying our free speech protections (with Sesta/Fosta, lots of other examples) and simultaneously trying to claim to be free speech victims, when they are challenged or rejected for their views. It's sickening.

Thanks again -- J

[–]d3rr 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (11 children)

Try running certbot like this:

$ sudo certbot certonly --manual --preferred-challenges dns -d saidit.net -d www.saidit.net -d m.saidit.net -d oauth.saidit.net

Although you don't need all of these subdomains. The DNS challenge bit means you will need to add DNS records with your domain registrar. Certbot will tell you exactly what to add.

[–]portcity[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (2 children)

sudo certbot certonly --manual --preferred-challenges dns -d saidit.net -d www.saidit.net -d m.saidit.net -d oauth.saidit.net

I got sudo: certbot: command not found :(

[–]d3rr 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot

[–]d3rr 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

I will add this stuff to the README

[–]portcity[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (7 children)

sudo certbot certonly --manual --preferred-challenges dns -d saidit.net -d www.saidit.net -d m.saidit.net -d oauth.saidit.net

I just can't seem to get this right. After installing certbot, and running the long command quoted above, and entering 4 TXT files at my domain registrar, I get these errors: https://pastebin.com/HHcVnJB9

[–]d3rr 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (6 children)

You've gotta use your own domain, not SaidIt.net! You will need to update those DNS records when you try again.

[–]portcity[S] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (5 children)

lmao how fast can I wear out my welcome ... I'm certainly trying, aren't I?

[–]d3rr 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (4 children)

Hahahaha nope. I've had much more difficult support scenarios. It's a tricky platform.

[–]portcity[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (3 children)

YAY! The long command was a success. I got this:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/portcity.online/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/portcity.online/privkey.pem
   Your cert will expire on 2019-10-17. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew all of your certificates, run
   "certbot renew"

However when I test the site at SSL Lab, I get these errors: https://www.ssllabs.com/ssltest/analyze.html?d=portcity.online&hideResults=on#whyNotTrusted

[–]d3rr 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (2 children)

Sweet, progress. Make sure your nginx SSL paths are correct and restart nginx. Should not print errors.
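
A pre-restart check for the nginx certificate paths discussed in this thread, added here as an example and not posted by either participant: it reads the `ssl_certificate` and `ssl_certificate_key` directives from the site file, flags leftover snakeoil paths or unreadable files, and confirms the certificate and key belong together. The function names and the script name `check-tls.sh` are hypothetical, and it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example (not from the thread): check the TLS paths in an nginx site
# file before restarting nginx. Run as root so privkey.pem is readable.

# Print every value of one directive, ignoring comments.
# $1 = directive name, $2 = nginx config file
nginx_directive() {
    awk -v d="$1" '{ sub(/#.*/, "") }
        $1 == d { v = $2; sub(/;$/, "", v); print v }' "$2"
}

# Fail if a cert/key directive is missing, still points at the snakeoil
# placeholder, or names a file that cannot be read.
# $1 = nginx config file
check_tls_paths() {
    rc=0
    for d in ssl_certificate ssl_certificate_key; do
        paths=$(nginx_directive "$d" "$1")
        if [ -z "$paths" ]; then
            echo "FAIL: no $d directive in $1"; rc=1; continue
        fi
        for p in $paths; do
            case $p in *snakeoil*)
                echo "FAIL: $d still uses the snakeoil placeholder: $p"; rc=1 ;;
            esac
            [ -r "$p" ] || { echo "FAIL: $d not readable: $p"; rc=1; }
        done
    done
    return $rc
}

# Succeed only if the certificate and private key share a public key and
# the certificate has not expired. $1 = cert (leaf first), $2 = key
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    k=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$c" = "$k" ] && openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Usage: sudo sh check-tls.sh /etc/nginx/sites-available/reddit-ssl
if [ "$#" -eq 1 ]; then
    check_tls_paths "$1" &&
    cert_matches_key "$(nginx_directive ssl_certificate "$1" | head -n 1)" \
                     "$(nginx_directive ssl_certificate_key "$1" | head -n 1)" &&
    echo "OK: certificate paths look sane; safe to restart nginx"
fi
```

With a Let's Encrypt `fullchain.pem` the first certificate in the file is the site's own, which is the one `openssl x509` reads for the comparison.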