|April 13th, 2016|
|https, tech [html]|
The certificates only last for three months, and I don't have automated renewal set up, so the https site might go down briefly every so often for the cert being out-of-date if I forget to renew. Once I sort this out I can redirect the http site to https, but I'm wary of doing it before then.
The letsencrypt-auto command I'm using is:
letsencrypt/letsencrypt-auto certonly \
    --webroot \
    -w /var/www/ -d www.jefftk.com \
                 -d jefftk.com \
    -w /var/www-fr/ -d www.freeraisins.com \
                    -d freeraisins.com \
    -w /var/www-lw/ -d www.lilywise.com \
                    -d lilywise.com \
    -w /var/www-tc/ -d www.trycontra.com \
                    -d trycontra.com \
    -w /var/www-aw/ -d www.annakaufmanwise.com \
                    -d annakaufmanwise.com \
    --email email@example.com \
    --agree-tos
This puts files on each of my domains under
and tells the CA server about them. The CA server can verify that the
files are actually reachable, through both the
www and bare
hostnames, and issue the certificate. I'm having it issue one SAN
certificate for all of the sites, which makes certificate managemant
Reading the docs now, it sounds like after running that command once
it's sufficient to use
letsencrypt-auto renew. It
remembers the configuration used to get the certs, and asks for new
ones when they're close to expiring. I've put
&& service nginx restart in root's
crontab, but I'm not
confident yet that it will work.
When I first set this up I had some mixed content issues and problems
with links taking you to the http version of the site. Over the years
various scripts had ended up generating absolute urls instead of
relative ones so I needed to go through and remove all text
At this point I'm pretty happy, except for the renewal story.
 This site started out under
which would sometimes redirect people to
depending on current configuration, which meant I couldn't use
site-relative urls. I haven't been on
sccs for years,
but things stick around.
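
As an added example (not the author's code), here is a small scanner for the cleanup described in the post: it walks a page's `src` and `href` attributes, separates `http://` loads that cause mixed content from plain links to the http site, and proposes a site-relative replacement when the URL points at one of the site's own hostnames. The sample page, its paths and the third-party host are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Hostnames this site answers on (from the -d flags in the command above).
OWN_HOSTS = {"www.jefftk.com", "jefftk.com"}

# Constructed sample page; the paths and the third-party host are made up.
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://www.jefftk.com/style.css">
</head><body>
<a href="http://jefftk.com/p/example?x=1#c2">older post</a>
<img src="/pictures/a.jpg">
<img src="http://images.example.com/b.png">
<a href="https://www.jefftk.com/news">news</a>
</body></html>"""

class HttpUrlFinder(HTMLParser):
    """Collect absolute http:// URLs from src and href attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, url, site-relative fix or None)

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower().split()
        for name, value in attrs:
            if name not in ("src", "href") or not value:
                continue
            parts = urlsplit(value.strip())
            if parts.scheme != "http":
                continue
            # src and stylesheet loads are fetched by the page itself (mixed
            # content on https); any other href is only a link to follow.
            fetched = name == "src" or (tag == "link" and "stylesheet" in rel)
            kind = "mixed-content" if fetched else "http-link"
            fix = None
            if parts.hostname in OWN_HOSTS:
                # Own host: a site-relative URL inherits the page's scheme.
                fix = parts.path or "/"
                fix += "?" + parts.query if parts.query else ""
                fix += "#" + parts.fragment if parts.fragment else ""
            self.findings.append((self.getpos()[0], kind, value, fix))

def scan(html):
    """Return the findings for one HTML document."""
    finder = HttpUrlFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
```

A finding whose fix is `None` points at another host, so it needs an https source for that resource rather than a relative URL.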