Certificate expired on diasp.in

Yes, that looks more organized.

@fayadfami I have started https://gitlab.com/piratemovin/diasp.in/wikis/home and you can delete the other repo.

@praveenarimbrathod I am still seeing the old certificate and the expiry warning when trying to use xmpp. Is the certificate for the xmpp service handled differently?

@vik yes, prosody configuration (/etc/prosody/prosody.cfg.lua) is still using the old certificates. /etc/nginx/sites-available/diasp.in has path for the new certificates. I'll update prosody now.

@vik I have made the changes, can you confirm?

Added prosody user to acl

sudo setfacl -m u:prosody:rx /etc/letsencrypt/live/

and

sudo setfacl -m u:prosody:rx /etc/letsencrypt/live/diasp.in

acl's were not enough as it was a symlink. I changed group of /etc/letsencrypt/live and /etc/letsencrypt/archive and subdirectories to ssl-cert which includes prosody. I also made chmod g+rx for these. @manukrishnantv can you make sure new certs generated by letsencrypt has root:ssl-cert ownership?

cool, xmpp is back up and running now

https://xmpp.net/result.php?domain=diasp.in&type=server shpws our certficate score as B for allowing SSLv3. I think we should disable it.

I have documented these details at https://gitlab.com/piratemovin/diasp.in/wikis/tls @manukrishnantv @fayadfami @vik add anything missing there.

@praveenarimbrathod i don't have the rights to delete repositories. Can you remove piratemovin/diasp.in-wiki.

Done.

@fayad You are now an owner. :D

@fayadfami @akshay can you fix the podupti.me listing for diasp.in? I think we got a negative score when certificate was expired and it was never retried.

Just opened an issue https://github.com/diasporg/Poduptime/issues/36

Gave a request to podupti.me for editing existing server details. And sent a message to David about it. @praveenarimbrathod

Edit. Diasp.in has been updated. But more to do before it takes effect. https://codema.in/d/CEBGMiT5/update-diaspora-to-0-5-6-3#comment-920037