-
Notifications
You must be signed in to change notification settings - Fork 7
Let's Encrypt
MTH thinks that the docs for what we actually use for SSL are https://github.com/OpenTreeOfLife/germinator/tree/master/deploy#how-to-deploy-a-new-server not this page on Let's Encrypt.
Let's Encrypt is a free service provided by eff.org that provides TLS certificates (for https:) at no cost. A Let's Encrypt certificate verifies that the party you're communicating with is the one that controlled the web site registered for the domain name you used to reach it, at the time the certificate was obtained.
It is possible to set up Open Tree servers using Let's Encrypt certificates. Assume apache is installed and running. First, log in to the administrator account (not root) and install Let's Encrypt. Instructions are at https://letsencrypt.org/howitworks/ .
Then, configure the open tree server(s) to use the certificate installed by Let's Encrypt:
CERTIFICATE_FILE=/etc/letsencrypt/live/asterales.opentreeoflife.org/fullchain.pem
CERTIFICATE_KEY_FILE=/etc/letsencrypt/live/asterales.opentreeoflife.org/privkey.pem
An example configuration file is here. Then proceed as usual using the "deployment system".