This repository has been archived by the owner on Jul 9, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
SSL Certificate Renewal
Emran BatmanGhelich edited this page May 22, 2022
·
6 revisions
Sahabee currently uses Let's Encrypt for establishing a secure SSL connection.
Let's Encrypt currently issues 3-month certificates as a free plan. So it's necessary to keep the certificates up to date every 3 months (or more frequently) by going through the renewal process.
The renewal procedure needs access to DNS panel, which currently is just granted to Sahab IT Service Desk. To update DNS records, keep in touch with them.
Here are the steps to renew sahabee.ir certificates in production:
- Make sure the certbot is installed in your local machine.
- Run
sudo certbot certonly --preferred-challenges dns --manualand keep going on with the interactive procedure.- Make sure you enter both
sahabee.irandapi.sahabee.irwhen requested.
- Make sure you enter both
- Certbot will ask you to add a specific TEXT record into the DNS settings of
sahabee.ir. - After adding the record just continue the certbot procedure to finish out. The certbot will generate
fullchain.pemandprivkey.pemfiles alongside some other files. - Update the SSL_FULL_CHAIN_FILE and SSL_PRIVATE_KEY_FILE environment variables with the content of new
fullchain.pemandprivkey.pemfiles, respectively. - Run the Update SSL certs workflow. It will replace the new certificates at Nemo server.
Let the good times roll!