the SSL on my new Saidit instance

submitted by portcity from (self.SaidIt)

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (8 children)

Try running certbot like this:

$ sudo certbot certonly --manual --preferred-challenges dns -d saidit.net -d www.saidit.net -d m.saidit.net -d oauth.saidit.net

Although you don't need all of these subdomains. The DNS challenge bit means you will need to add DNS records with your domain registrar. Certbot will tell you exactly what to add.

[–]portcity[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (7 children)

sudo certbot certonly --manual --preferred-challenges dns -d saidit.net -d www.saidit.net -d m.saidit.net -d oauth.saidit.net

I just can't seem to get this right. After installing certbot, and running the long command quoted above, and entering 4 TXT files at my domain registrar, I get these errors: https://pastebin.com/HHcVnJB9

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (6 children)

You've gotta use your own domain, not SaidIt.net ! You will need to update those DNS records when you try again.

[–]portcity[S] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (5 children)

lmao how fast can I wear out my welcome ... I'm certainly trying, aren't I?

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (4 children)

Hahahaha nope. I've had much more difficult support scenarios. It's a tricky platform.

[–]portcity[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (3 children)

YAY! The long command was a success. I got this:

IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/portcity.online/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/portcity.online/privkey.pem Your cert will expire on 2019-10-17. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew all of your certificates, run "certbot renew"

However when I test the site at SSL Lab, I get these errors: https://www.ssllabs.com/ssltest/analyze.html?d=portcity.online&hideResults=on#whyNotTrusted

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (2 children)

Sweet, progress. Make sure your nginx SSL paths are correct and restart nginx. Should not print errors.

[–]portcity[S] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

YEAH!!! A+ Great job! https://www.ssllabs.com/ssltest/analyze.html?d=portcity.online&hideResults=on

[–][deleted] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

Wohoo! Now you're cooking with fire!