Versions Compared

Old Version 15

changes.mady.by.user Sri Maurya Kummamuru

Saved on

compared with

New Version 16

changes.mady.by.user Sri Maurya Kummamuru

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Renewing the Certificates on a DATIM Global

  • Renew the certificates on global server

    Code Block
    languagebash
    titleRenewing certificates on Global
    maurya@test3:~$ chmod a+x certbot-auto
maurya@test3:~$ wget https://dl.eff.org/certbot-auto
maurya@test3:~$ sudo ./certbot-auto --config /etc/letsencrypt/configs/test3.global.ohie.datim.org.conf certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for test3.global.ohie.datim.org
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Unable to clean up challenge directory /usr/share/nginx/html/.well-known/acme-challenge
Generating key (4096 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/test3.global.ohie.datim.org/fullchain.pem.
   Your cert will expire on 2017-05-14. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
maurya@test3:~$ sudo vim nginx.conf 
maurya@test3:~$ sudo vim /etc/nginx/nginx.conf 
maurya@test3:~$ sudo vim /etc/nginx/sites-available/openhim-console 
maurya@test3:~$ sudo service nginx restart
 * Restarting nginx nginx                                                                                                                     [ OK ] 
maurya@test3:~$ sudo restart openhim-core
openhim-core start/running, process 963
  • Replace these with the certificates in OpenHIM Certificates tab
  • Replace these with the certificates in OpenHIM clients

...

  • Renew the certificates on node server

    Code Block
    languagebash
    firstline1
    titleRenew Certificate for node
    maurya@ls:~$ wget https://dl.eff.org/certbot-auto
--2017-02-14 15:54:52--  https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 173.239.79.196
Connecting to dl.eff.org (dl.eff.org)|173.239.79.196|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 46789 (46K) [application/octet-stream]
Saving to: ‘certbot-auto’
100%[===========================================================================================================>] 46,789      30.5KB/s   in 1.5s   
2017-02-14 15:55:05 (30.5 KB/s) - ‘certbot-auto’ saved [46789/46789]
maurya@ls:~$ chmod a+x certbot-auto
maurya@ls:~$ sudo ./certbot-auto --config /etc/letsencrypt/configs/ls.datim4u.org.conf certonly
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ls.datim4u.org
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (4096 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ls.datim4u.org/fullchain.pem. Your cert will
   expire on 2017-05-15. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
maurya@ls:~$ sudo vim /etc/nginx/sites-available/datim 
maurya@ls:~$ sudo service nginx restart
 * Restarting nginx nginx                                                                                                                   [ OK ] 
maurya@ls:~$ sudo service openhim-core restart
openhim-core stop/waiting
openhim-core start/running, process 25326
maurya@ls:~$ sudo service nginx restart
maurya@ls:~$ sudo restart openhim-mediator-openinfoman-dhis2-sync
openhim-mediator-openinfoman-dhis2-sync start/running, process 4508service nginx restart
  • Replace these with the certificates in OpenHIM Certificates tab
  • Replace these with the certificates in OpenHIM global
  • Select the newly added certificate in global OpenHIM to the client for the node
  • Update the new certificate and key in the sync-mediator in the node OpenHIM

  • Restart the mediator

    Code Block
    languagebash
    titleRestarting the mediator
    maurya@ls:~$ sudo restart openhim-mediator-openinfoman-dhis2-sync
openhim-mediator-openinfoman-dhis2-sync start/running, process 4508