Versions Compared

Old Version 21

changes.mady.by.user Uladzimir Kasacheuski

Saved on

compared with

New Version 22

changes.mady.by.user Uladzimir Kasacheuski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Renew the certificates on node server

    Code Block
    languagebash
    firstline1
    titleRenew Certificate for node
    maurya@ls:~$ wget https://dl.eff.org/certbot-auto
--2017-02-14 15:54:52--  https://dl.eff.org/certbot-auto
Resolving dl.eff.org (dl.eff.org)... 173.239.79.196
Connecting to dl.eff.org (dl.eff.org)|173.239.79.196|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 46789 (46K) [application/octet-stream]
Saving to: ‘certbot-auto’
100%[===========================================================================================================>] 46,789      30.5KB/s   in 1.5s   
2017-02-14 15:55:05 (30.5 KB/s) - ‘certbot-auto’ saved [46789/46789]
maurya@ls:~$ chmod a+x certbot-auto
maurya@ls:~$ sudo ./certbot-auto --config /etc/letsencrypt/configs/ls.datim4u.org.conf certonly
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for ls.datim4u.org
Using the webroot path /usr/share/nginx/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (4096 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/ls.datim4u.org/fullchain.pem. Your cert will
   expire on 2017-05-15. To obtain a new or tweaked version of this
   certificate in the future, simply run certbot-auto again. To
   non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
maurya@ls:~$ sudo vim /etc/nginx/sites-available/datim 
maurya@ls:~$ sudo service nginx restart
 * Restarting nginx nginx                                                                                                                   [ OK ] 
maurya@ls:~$ sudo service openhim-core restart
openhim-core stop/waiting
openhim-core start/running, process 25326
maurya@ls:~$ sudo service nginx restart
  • Replace these with the certificates in OpenHIM Certificates tab
  • Replace these with the certificates in OpenHIM global
  • Select the newly added certificate in global OpenHIM to the client for the node
  • Update the new certificate and key in the sync-mediator in the node OpenHIM

  • Restart the mediator

    Code Block
    languagebash
    titleRestarting the mediator
    maurya@ls:~$ sudo restart openhim-mediator-openinfoman-dhis2-sync
openhim-mediator-openinfoman-dhis2-sync start/running, process 4508

    Automatic Certificate Renewal:

Automatic certificate renewal uses a cronjob to run the update command twice a day.

...

Code Block
languagebash
titleTesting Automatic Update Command
user@ls:/var/www# sudo ./certbot-auto --config /etc/letsencrypt/configs/ls.datim4u.org.conf certonly --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cert.test2.ohie.org
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (4096 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem
IMPORTANT NOTES:
 - The dry run was successful.

 

...

Code Block
languagebash
titleTesting Automatic Update Command
user@ls:/var/www# sudo ./certbot-auto --config /etc/letsencrypt/configs/ls.datim4u.org.conf certonly --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cert.test2.ohie.org
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (4096 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem
IMPORTANT NOTES:
 - The dry run was successful.

Automatic Certificate Renewal:

Automatic certificate renewal uses a cronjob to run the update command twice a day.

          1. Ensure the following command returns successfully. It will not make any changes. It will be used in the cronjob to update the certificate if it is in need of renewal.

...