the SSL on my new Saidit instance

submitted by portcity from self.SaidIt

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–]portcity[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (9 children)

I tried to run certbot again and got the following errors: https://pastebin.com/50NdbGTn So then I decided to change the lines you listed above in /etc/nginx/sites-available/reddit-ssl and I got these errors: https://pastebin.com/KHPT94z7 As for this recent era in free speech ... I can't get over how the Trump people are both destroying our free speech protections (with Sesta/Fosta, lots of other examples) and simultaneously trying to claim to be free speech victims, when they are challenged or rejected for their views. It's sickening. Thanks again -- J

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (8 children)

Try running certbot like this:

$ sudo certbot certonly --manual --preferred-challenges dns -d saidit.net -d www.saidit.net -d m.saidit.net -d oauth.saidit.net

Although you don't need all of these subdomains. The DNS challenge bit means you will need to add DNS records with your domain registrar. Certbot will tell you exactly what to add.

[–]portcity[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (7 children)

sudo certbot certonly --manual --preferred-challenges dns -d saidit.net -d www.saidit.net -d m.saidit.net -d oauth.saidit.net

I just can't seem to get this right. After installing certbot, and running the long command quoted above, and entering 4 TXT files at my domain registrar, I get these errors: https://pastebin.com/HHcVnJB9

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (6 children)

You've gotta use your own domain, not SaidIt.net ! You will need to update those DNS records when you try again.

[–]portcity[S] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (5 children)

lmao how fast can I wear out my welcome ... I'm certainly trying, aren't I?

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (4 children)

Hahahaha nope. I've had much more difficult support scenarios. It's a tricky platform.

[–]portcity[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (3 children)

YAY! The long command was a success. I got this:

IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/portcity.online/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/portcity.online/privkey.pem Your cert will expire on 2019-10-17. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew all of your certificates, run "certbot renew"

However when I test the site at SSL Lab, I get these errors: https://www.ssllabs.com/ssltest/analyze.html?d=portcity.online&hideResults=on#whyNotTrusted

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (2 children)

Sweet, progress. Make sure your nginx SSL paths are correct and restart nginx. Should not print errors.

[–]portcity[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

YEAH!!! A+ Great job! https://www.ssllabs.com/ssltest/analyze.html?d=portcity.online&hideResults=on

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Wohoo! Now you're cooking with fire!