codema.in
Sat 9 Jan 2016 12:21PM

Certificate expired on diasp.in

PV Pirate Vik Public Seen by 275
FF

Fayad Fami Mon 11 Jan 2016 6:52AM

Yes, that looks more organized.

PP

Pirate Praveen Mon 11 Jan 2016 6:59AM

@fayadfami I have started https://gitlab.com/piratemovin/diasp.in/wikis/home and you can delete the other repo.

PV

Pirate Vik Mon 11 Jan 2016 9:32AM

@praveenarimbrathod I am still seeing the old certificate and the expiry warning when trying to use xmpp. Is the certificate for the xmpp service handled differently?

PP

Pirate Praveen Mon 11 Jan 2016 12:34PM

@vik yes, prosody configuration (/etc/prosody/prosody.cfg.lua) is still using the old certificates. /etc/nginx/sites-available/diasp.in has path for the new certificates. I'll update prosody now.

PP

Pirate Praveen Mon 11 Jan 2016 12:38PM

@vik I have made the changes, can you confirm?

PP

Pirate Praveen Mon 11 Jan 2016 12:55PM

Added prosody user to acl

sudo setfacl -m u:prosody:rx /etc/letsencrypt/live/

and

sudo setfacl -m u:prosody:rx /etc/letsencrypt/live/diasp.in

PP

Pirate Praveen Mon 11 Jan 2016 1:21PM

acl's were not enough as it was a symlink. I changed group of /etc/letsencrypt/live and /etc/letsencrypt/archive and subdirectories to ssl-cert which includes prosody. I also made chmod g+rx for these. @manukrishnantv can you make sure new certs generated by letsencrypt has root:ssl-cert ownership?

PV

Pirate Vik Mon 11 Jan 2016 2:03PM

cool, xmpp is back up and running now

PP

Pirate Praveen Mon 11 Jan 2016 2:51PM

https://xmpp.net/result.php?domain=diasp.in&type=server shpws our certficate score as B for allowing SSLv3. I think we should disable it.

I have documented these details at https://gitlab.com/piratemovin/diasp.in/wikis/tls @manukrishnantv @fayadfami @vik add anything missing there.

FF

Fayad Fami Thu 14 Jan 2016 8:14PM

@praveenarimbrathod i don't have the rights to delete repositories. Can you remove piratemovin/diasp.in-wiki.

Load More