Child pages
  • How to renew the letsencrytp demos certificates

Access to add and change pages is restricted. See: https://cwiki.apache.org/confluence/display/OFBIZ/Wiki+access

Skip to end of metadata
Go to start of metadata

It's is necessary to manually renew the letsencrytp as long as there is no auto-cert for Puppet 6. See INFRA-18926 - Getting issue details... STATUS for more details

Here are the steps

  1. Connect as root on the server, see The official demos and how to maintain them
  2. Then follow this example

root@ofbiz-vm3:~# certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: demo-old.ofbiz.apache.org
2: demo-stable.ofbiz.apache.org
3: demo-trunk.ofbiz.apache.org
4: ofbiz-bigfiles.apache.org
5: ofbiz-vm3.apache.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):


Here use blank to select all


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/ofbiz-vm3.apache.org.conf)

It contains these names: ofbiz-vm3.apache.org, demo-old.ofbiz.apache.org,
demo-stable.ofbiz.apache.org, demo-trunk.ofbiz.apache.org

You requested these names for the new certificate: demo-old.ofbiz.apache.org,
demo-stable.ofbiz.apache.org, demo-trunk.ofbiz.apache.org,
ofbiz-bigfiles.apache.org, ofbiz-vm3.apache.org.

Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E


Here you enter E for expand


Renewing an existing certificate
Performing the following challenges:
http-01 challenge for demo-old.ofbiz.apache.org
http-01 challenge for demo-stable.ofbiz.apache.org
http-01 challenge for demo-trunk.ofbiz.apache.org
http-01 challenge for ofbiz-vm3.apache.org
http-01 challenge for ofbiz-bigfiles.apache.org
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/25-ofbiz-old-vm3-443.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/25-ofbiz-stable-vm3-443.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/25-ofbiz-trunk-vm3-443.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/25-ofbiz-vm-bigfiles-443.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-enabled/25-ofbiz-vm-bigfiles-443.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1


Here you select 1 for No redirect

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains:
https://demo-old.ofbiz.apache.org, https://demo-stable.ofbiz.apache.org,
https://demo-trunk.ofbiz.apache.org, https://ofbiz-bigfiles.apache.org, and
https://ofbiz-vm3.apache.org

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=demo-old.ofbiz.apache.org
https://www.ssllabs.com/ssltest/analyze.html?d=demo-stable.ofbiz.apache.org
https://www.ssllabs.com/ssltest/analyze.html?d=demo-trunk.ofbiz.apache.org
https://www.ssllabs.com/ssltest/analyze.html?d=ofbiz-bigfiles.apache.org
https://www.ssllabs.com/ssltest/analyze.html?d=ofbiz-vm3.apache.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/ofbiz-vm3.apache.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/ofbiz-vm3.apache.org/privkey.pem
Your cert will expire on 2020-02-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

root@ofbiz-vm3:~#

Done (smile)