-
Notifications
You must be signed in to change notification settings - Fork 1
SSL Certificate Renewal
Emran BatmanGhelich edited this page Jul 22, 2022
·
1 revision
Parchin currently uses Let's Encrypt for establishing a secure SSL connection.
Let's Encrypt currently issues 3-month certificates as a free plan. So it's necessary to keep the certificates up to date every 3 months (or more frequently) by going through the renewal process.
The renewal procedure needs access to the DNS panel, which currently is managed by ArvanCloud. Only admins of that panel can update DNS records.
Here are the steps to renew myparchin.com certificates in production:
- Make sure the certbot is installed on your local machine.
- Run
sudo certbot certonly --preferred-challenges dns --manualand keep going on with the interactive procedure.- Make sure you enter both
myparchin.comandapi.myparchin.comwhen requested.
- Make sure you enter both
- Certbot will ask you to add a specific TEXT record into the DNS settings of
myparchin.com. - After adding the record just continue the certbot procedure to finish out. The certbot will generate
fullchain.pemandprivkey.pemfiles alongside some other files. - Update the SSL_FULL_CHAIN_FILE and SSL_PRIVATE_KEY_FILE environment variables with the content of new
fullchain.pemandprivkey.pemfiles, respectively. - Run the Update SSL certs workflow. It will replace the new certificates at the Parchin server.