Bladeren bron

Since letsencrypt is now automatic this isn't needed anymore

Bob Mottram 6 jaren geleden
bovenliggende
commit
6b6133d662
2 gewijzigde bestanden met toevoegingen van 31 en 68 verwijderingen
  1. 0
    11
      doc/EN/faq.org
  2. 31
    57
      website/EN/faq.html

+ 0
- 11
doc/EN/faq.org Bestand weergeven

@@ -43,7 +43,6 @@
43 43
 | [[Why isn't dynamic DNS working?]]                                                            |
44 44
 | [[How do I change my encryption settings?]]                                                   |
45 45
 | [[How do I get a domain name?]]                                                               |
46
-| [[How do I get a "real" SSL/TLS/HTTPS certificate?]]                                          |
47 46
 | [[How do I renew a Let's Encrypt certificate?]]                                               |
48 47
 | [[I tried to renew a Let's Encrypt certificate and it failed. What should I do?]]             |
49 48
 | [[Why not use the services of $company instead? They took the Seppuku pledge]]                |
@@ -306,16 +305,6 @@ service exim4 restart
306 305
 
307 306
 You should now be able to send an email from /postmaster@mynewdomainname/ and it should arrive in your inbox.
308 307
 
309
-* How do I get a "real" SSL/TLS/HTTPS certificate?
310
-If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:
311
-
312
-#+begin_src bash
313
-ssh username@mydomainname -p 2222
314
-#+end_src
315
-
316
-Select /Administrator controls/ then *Security settings* then *Create a new Let's Encrypt certificate*.
317
-
318
-One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS subdomains, such as those from freeDNS, so to run Hubzilla and GNU Social you will need to have your own official domains for those. There are many sites from which you can buy cheap domain names, and while this isn't ideal in terms of making you dependent upon another company it's the only option currently.
319 308
 * How do I renew a Let's Encrypt certificate?
320 309
 Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.
321 310
 

+ 31
- 57
website/EN/faq.html Bestand weergeven

@@ -4,7 +4,7 @@
4 4
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
5 5
 <head>
6 6
 <title></title>
7
-<!-- 2018-06-16 Sat 21:18 -->
7
+<!-- 2018-06-16 Sat 21:22 -->
8 8
 <meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
9 9
 <meta  name="generator" content="Org-mode" />
10 10
 <meta  name="author" content="Bob Mottram" />
@@ -275,39 +275,35 @@ for the JavaScript code in this tag.
275 275
 </tr>
276 276
 
277 277
 <tr>
278
-<td class="left"><a href="#sec-27">How do I get a "real" SSL/TLS/HTTPS certificate?</a></td>
278
+<td class="left"><a href="#sec-27">How do I renew a Let's Encrypt certificate?</a></td>
279 279
 </tr>
280 280
 
281 281
 <tr>
282
-<td class="left"><a href="#sec-28">How do I renew a Let's Encrypt certificate?</a></td>
282
+<td class="left"><a href="#sec-28">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
283 283
 </tr>
284 284
 
285 285
 <tr>
286
-<td class="left"><a href="#sec-29">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
286
+<td class="left"><a href="#sec-29">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
287 287
 </tr>
288 288
 
289 289
 <tr>
290
-<td class="left"><a href="#sec-30">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
290
+<td class="left"><a href="#sec-30">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
291 291
 </tr>
292 292
 
293 293
 <tr>
294
-<td class="left"><a href="#sec-31">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
294
+<td class="left"><a href="#sec-31">Tor is censored/blocked in my area. What can I do?</a></td>
295 295
 </tr>
296 296
 
297 297
 <tr>
298
-<td class="left"><a href="#sec-32">Tor is censored/blocked in my area. What can I do?</a></td>
298
+<td class="left"><a href="#sec-32">I want to block a particular domain from getting its content into my social network sites</a></td>
299 299
 </tr>
300 300
 
301 301
 <tr>
302
-<td class="left"><a href="#sec-33">I want to block a particular domain from getting its content into my social network sites</a></td>
302
+<td class="left"><a href="#sec-33">The mesh system doesn't boot from USB drive</a></td>
303 303
 </tr>
304 304
 
305 305
 <tr>
306
-<td class="left"><a href="#sec-34">The mesh system doesn't boot from USB drive</a></td>
307
-</tr>
308
-
309
-<tr>
310
-<td class="left"><a href="#sec-35">Mesh system doesn't connect to the network</a></td>
306
+<td class="left"><a href="#sec-34">Mesh system doesn't connect to the network</a></td>
311 307
 </tr>
312 308
 </tbody>
313 309
 </table>
@@ -952,31 +948,9 @@ You should now be able to send an email from <i>postmaster@mynewdomainname</i> a
952 948
 </div>
953 949
 
954 950
 <div id="outline-container-sec-27" class="outline-2">
955
-<h2 id="sec-27">How do I get a "real" SSL/TLS/HTTPS certificate?</h2>
951
+<h2 id="sec-27">How do I renew a Let's Encrypt certificate?</h2>
956 952
 <div class="outline-text-2" id="text-27">
957 953
 <p>
958
-If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:
959
-</p>
960
-
961
-<div class="org-src-container">
962
-
963
-<pre class="src src-bash">ssh username@mydomainname -p 2222
964
-</pre>
965
-</div>
966
-
967
-<p>
968
-Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
969
-</p>
970
-
971
-<p>
972
-One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS subdomains, such as those from freeDNS, so to run Hubzilla and GNU Social you will need to have your own official domains for those. There are many sites from which you can buy cheap domain names, and while this isn't ideal in terms of making you dependent upon another company it's the only option currently.
973
-</p>
974
-</div>
975
-</div>
976
-<div id="outline-container-sec-28" class="outline-2">
977
-<h2 id="sec-28">How do I renew a Let's Encrypt certificate?</h2>
978
-<div class="outline-text-2" id="text-28">
979
-<p>
980 954
 Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.
981 955
 </p>
982 956
 
@@ -995,9 +969,9 @@ Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Renew
995 969
 </p>
996 970
 </div>
997 971
 </div>
998
-<div id="outline-container-sec-29" class="outline-2">
999
-<h2 id="sec-29">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
1000
-<div class="outline-text-2" id="text-29">
972
+<div id="outline-container-sec-28" class="outline-2">
973
+<h2 id="sec-28">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
974
+<div class="outline-text-2" id="text-28">
1001 975
 <p>
1002 976
 Most likely it's because Let's Encrypt doesn't support your particular domain or subdomain. Currently free subdomains tend not to work. You'll need to buy a domain name, link it to your dynamic DNS account and then do:
1003 977
 </p>
@@ -1013,17 +987,17 @@ Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Creat
1013 987
 </p>
1014 988
 </div>
1015 989
 </div>
1016
-<div id="outline-container-sec-30" class="outline-2">
1017
-<h2 id="sec-30">Why not use the services of $company instead? They took the Seppuku pledge</h2>
1018
-<div class="outline-text-2" id="text-30">
990
+<div id="outline-container-sec-29" class="outline-2">
991
+<h2 id="sec-29">Why not use the services of $company instead? They took the Seppuku pledge</h2>
992
+<div class="outline-text-2" id="text-29">
1019 993
 <p>
1020 994
 <a href="https://cryptostorm.org/viewtopic.php?f=63&t=2954&sid=7de2d1e699cfde2f574e6a7f6ea5a173">That pledge</a> is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "<i>on our side</i>". Post-<a href="https://en.wikipedia.org/wiki/Nymwars">nymwars</a> and post-<a href="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)">PRISM</a> we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.
1021 995
 </p>
1022 996
 </div>
1023 997
 </div>
1024
-<div id="outline-container-sec-31" class="outline-2">
1025
-<h2 id="sec-31">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
1026
-<div class="outline-text-2" id="text-31">
998
+<div id="outline-container-sec-30" class="outline-2">
999
+<h2 id="sec-30">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
1000
+<div class="outline-text-2" id="text-30">
1027 1001
 <p>
1028 1002
 Welcome to the world of email. Email is really the archetypal decentralized service, developed during the early days of the internet. In principle anyone can run an email server, and that's exactly what you're doing with Freedombone. Email is very useful, but it has a big problem, and that's that the protocols are totally insecure. That made it easy for spammers to do their thing, and in response highly elaborate spam filtering and blocking systems were developed. Chances are that your emails are being blocked in this way. Sometimes the blocking is so indisciminate that entire countries are excluded. What can you do about it? Unless you control the block list at the receiving end you may not be able to do much unless you can find an email proxy server which is trusted by the receiving server.
1029 1003
 </p>
@@ -1055,9 +1029,9 @@ So the situation with email presently is pretty bad, and there's a clear selecti
1055 1029
 </p>
1056 1030
 </div>
1057 1031
 </div>
1058
-<div id="outline-container-sec-32" class="outline-2">
1059
-<h2 id="sec-32">Tor is censored/blocked in my area. What can I do?</h2>
1060
-<div class="outline-text-2" id="text-32">
1032
+<div id="outline-container-sec-31" class="outline-2">
1033
+<h2 id="sec-31">Tor is censored/blocked in my area. What can I do?</h2>
1034
+<div class="outline-text-2" id="text-31">
1061 1035
 <p>
1062 1036
 If you can find some details for an obfs4 Tor bridge (its IP address, port number and key or nickname) then you can set up the system to use it to connect to the Tor network. Unlike relay nodes the IP addresses for bridges are not public information and so can't be easily known and added to block lists by authoritarian regimes or over-zealous ISPs.
1063 1037
 </p>
@@ -1082,9 +1056,9 @@ You can also set your system to act as a Tor bridge, although this is not recomm
1082 1056
 </div>
1083 1057
 </div>
1084 1058
 
1085
-<div id="outline-container-sec-33" class="outline-2">
1086
-<h2 id="sec-33">I want to block a particular domain from getting its content into my social network sites</h2>
1087
-<div class="outline-text-2" id="text-33">
1059
+<div id="outline-container-sec-32" class="outline-2">
1060
+<h2 id="sec-32">I want to block a particular domain from getting its content into my social network sites</h2>
1061
+<div class="outline-text-2" id="text-32">
1088 1062
 <p>
1089 1063
 If you're being pestered by some domain which contains bad/illegal/harrassing content or irritating users you can block domains at the firewall level. Go to the administrator control panel and select <i>domain blocking</i>. You can then block, unblock and view the list of blocked domains.
1090 1064
 </p>
@@ -1099,9 +1073,9 @@ Select <i>Administrator controls</i> then <i>Domain blocking</i>.
1099 1073
 </div>
1100 1074
 </div>
1101 1075
 
1102
-<div id="outline-container-sec-34" class="outline-2">
1103
-<h2 id="sec-34">The mesh system doesn't boot from USB drive</h2>
1104
-<div class="outline-text-2" id="text-34">
1076
+<div id="outline-container-sec-33" class="outline-2">
1077
+<h2 id="sec-33">The mesh system doesn't boot from USB drive</h2>
1078
+<div class="outline-text-2" id="text-33">
1105 1079
 <p>
1106 1080
 If the system doesn't boot and reports an error which includes <b>/dev/mapper/loop0p1</b> then reboot with <b>Ctrl-Alt-Del</b> and when you see the grub menu press <b>e</b> and manually change <b>/dev/mapper/loop0p1</b> to <b>/dev/sdb1</b>, then press <b>Ctrl-x</b>. If that doesn't work then reboot and try <b>/dev/sdc1</b> instead.
1107 1081
 </p>
@@ -1112,9 +1086,9 @@ After the system has booted successfully the problem should resolve itself on su
1112 1086
 </div>
1113 1087
 </div>
1114 1088
 
1115
-<div id="outline-container-sec-35" class="outline-2">
1116
-<h2 id="sec-35">Mesh system doesn't connect to the network</h2>
1117
-<div class="outline-text-2" id="text-35">
1089
+<div id="outline-container-sec-34" class="outline-2">
1090
+<h2 id="sec-34">Mesh system doesn't connect to the network</h2>
1091
+<div class="outline-text-2" id="text-34">
1118 1092
 <p>
1119 1093
 Sometimes after boot the mesh system won't connect to other peers on the network. If this happens select the <b>network restart</b> icon and enter the password, which by default is just "freedombone". Wait for a few minutes to see if it connects.
1120 1094
 </p>