...
Renewing the Certificates on a DATIM Global
Renew the certificates on global server
Code Block language bash title Renewing certificates on Global maurya@test3:~$ chmod a+x certbot-auto maurya@test3:~$ wget https://dl.eff.org/certbot-auto maurya@test3:~$ sudo ./certbot-auto --config /etc/letsencrypt/configs/test3.global.ohie.datim.org.conf certonly Saving debug log to /var/log/letsencrypt/letsencrypt.log Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: http-01 challenge for test3.global.ohie.datim.org Using the webroot path /usr/share/nginx/html for all unmatched domains. Waiting for verification... Cleaning up challenges Unable to clean up challenge directory /usr/share/nginx/html/.well-known/acme-challenge Generating key (4096 bits): /etc/letsencrypt/keys/0001_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/test3.global.ohie.datim.org/fullchain.pem. Your cert will expire on 2017-05-14. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le maurya@test3:~$ sudo vim nginx.conf maurya@test3:~$ sudo vim /etc/nginx/nginx.conf maurya@test3:~$ sudo vim /etc/nginx/sites-available/openhim-console maurya@test3:~$ sudo service nginx restart * Restarting nginx nginx [ OK ] maurya@test3:~$ sudo restart openhim-core openhim-core start/running, process 963
- Replace these with the certificates in OpenHIM Certificates tab
- Replace these with the certificates in OpenHIM clients
...
Renew the certificates on node server
Code Block language bash firstline 1 title Renew Certificate for node maurya@ls:~$ wget https://dl.eff.org/certbot-auto --2017-02-14 15:54:52-- https://dl.eff.org/certbot-auto Resolving dl.eff.org (dl.eff.org)... 173.239.79.196 Connecting to dl.eff.org (dl.eff.org)|173.239.79.196|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 46789 (46K) [application/octet-stream] Saving to: ‘certbot-auto’ 100%[===========================================================================================================>] 46,789 30.5KB/s in 1.5s 2017-02-14 15:55:05 (30.5 KB/s) - ‘certbot-auto’ saved [46789/46789] maurya@ls:~$ chmod a+x certbot-auto maurya@ls:~$ sudo ./certbot-auto --config /etc/letsencrypt/configs/ls.datim4u.org.conf certonly Creating virtual environment... Installing Python packages... Installation succeeded. Saving debug log to /var/log/letsencrypt/letsencrypt.log Cert is due for renewal, auto-renewing... Renewing an existing certificate Performing the following challenges: http-01 challenge for ls.datim4u.org Using the webroot path /usr/share/nginx/html for all unmatched domains. Waiting for verification... Cleaning up challenges Generating key (4096 bits): /etc/letsencrypt/keys/0001_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/ls.datim4u.org/fullchain.pem. Your cert will expire on 2017-05-15. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le maurya@ls:~$ sudo vim /etc/nginx/sites-available/datim maurya@ls:~$ sudo service nginx restart * Restarting nginx nginx [ OK ] maurya@ls:~$ sudo service openhim-core restart openhim-core stop/waiting openhim-core start/running, process 25326 maurya@ls:~$ sudo service nginx restart maurya@ls:~$ sudo restart openhim-mediator-openinfoman-dhis2-sync openhim-mediator-openinfoman-dhis2-sync start/running, process 4508service nginx restart
- Replace these with the certificates in OpenHIM Certificates tab
- Replace these with the certificates in OpenHIM global
- Select the newly added certificate in global OpenHIM to the client for the node
- Update the new certificate and key in the sync-mediator in the node OpenHIM
Restart the mediator
Code Block language bash title Restarting the mediator maurya@ls:~$ sudo restart openhim-mediator-openinfoman-dhis2-sync openhim-mediator-openinfoman-dhis2-sync start/running, process 4508