Versions Compared

Old Version 14

changes.mady.by.user Sri Maurya Kummamuru

Saved on

compared with

New Version 15

changes.mady.by.user Sri Maurya Kummamuru

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
firstline1
titleCertification Example
root@ubuntu:~# sudo apt-get update
root@ubuntu:~# sudo apt-get -y install nginx
root@ubuntu:~# wget https://dl.eff.org/certbot-auto
root@ubuntu:~# chmod a+x certbot-auto
root@ubuntu:~# ./certbot-auto
root@ubuntu:~# ./certbot-auto certonly --webroot -w /usr/share/nginx/html -d demonodepublicdns

                                                             ┌────────────────────────────┐
                                                             │ Enter email address (used  │  
                                                             │ for urgent notices and     │  
                                                             │ lost key recovery)         │  
                                                             │ ┌────────────────────────┐ │  
                                                             │ │xxxx@xxxx.xx            │ │  
                                                             │ └────────────────────────┘ │  
                                                             ├────────────────────────────┤  
                                                             │   <  OK  >  <Cancel>       │  
                                                             └────────────────────────────┘                                                                           
                                         ┌───────────────────────────────────────────────────────────────────┐
                                         │ Please read the Terms of Service at                               │  
                                         │ https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. │  
                                         │ You must agree in order to register with the ACME server at       │  
                                         │ https://acme-v01.api.letsencrypt.org/directory                    │  
                                         ├───────────────────────────────────────────────────────────────────┤  
                                         │                   <Agree >          <Cancel>                      │  
                                         └───────────────────────────────────────────────────────────────────┘  

                                                                                                               

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/demonodepublicdns/fullchain.pem. Your cert
   will expire on 2016-09-29. To obtain a new or tweaked version of
   this certificate in the future, simply run letsencrypt-auto again.
   To non-interactively renew *all* of your certificates, run
   "letsencrypt-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
root@ubuntu:/opt/letsencrypt# ls /etc/letsencrypt/live/demonodepublicdns/
cert.pem  chain.pem  fullchain.pem  privkey.pem

Renewing the Certificates:

Renewing the Certificates on a DATIM Global

  • Renew the certificates on global server
  • Replace these with the certificates in OpenHIM Certificates tab
  • Replace these with the certificates in OpenHIM clients

Renewing the Certificates on a DATIM node

  • Renew the certificates on node server

    Code Block
    languagebash
    firstline1
    titleRenew Certificate for node
    maurya@ls:~$ wget https://dl.eff.org/certbot-auto
--2017-02-14 15:54:52--  https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 173.239.79.196
Connecting to dl.eff.org (dl.eff.org)|173.239.79.196|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 46789 (46K) [application/octet-stream]
Saving to: ‘certbot-auto’
100%[===========================================================================================================>] 46,789      30.5KB/s   in 1.5s   
2017-02-14 15:55:05 (30.5 KB/s) - ‘certbot-auto’ saved [46789/46789]
maurya@ls:~$ chmod a+x certbot-auto
maurya@ls:~$ sudo ./certbot-auto --config /etc/letsencrypt/configs/ls.datim4u.org.conf certonly
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ls.datim4u.org
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (4096 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ls.datim4u.org/fullchain.pem. Your cert will
   expire on 2017-05-15. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
maurya@ls:~$ sudo vim /etc/nginx/sites-available/datim 
maurya@ls:~$ sudo service nginx restart
 * Restarting nginx nginx                                                                                                                   [ OK ] 
maurya@ls:~$ sudo service openhim-core restart
openhim-core stop/waiting
openhim-core start/running, process 25326
maurya@ls:~$ sudo service nginx restart
maurya@ls:~$ sudo restart openhim-mediator-openinfoman-dhis2-sync
openhim-mediator-openinfoman-dhis2-sync start/running, process 4508
  • Replace these with the certificates in OpenHIM Certificates tab
  • Replace these with the certificates in OpenHIM global
  • Select the newly added certificate in global OpenHIM to the client for the node
  • Update the new certificate and key in the sync-mediator in the node OpenHIM