Commit fa47c703 authored by sebian's avatar sebian
Browse files

blog: Letsencryp - Fix typos (thx taziden)

parent 1f25e050
......@@ -80,17 +80,17 @@ popd
```
Qu'il suffit de lancer comme ceci (pour l'exemple je génère un certificate
asral.fr avec comme domaines gérés gitoyen.net et planet.gitoyen.net (oui de la pub au passage))
gitoyen.net avec comme domaines gérés gitoyen.net et www.gitoyen.net (oui de la pub au passage))
```bash
$ bash bootstrap-letsencrypt.sh asrall gitoyen.net 'DNS:gitoyen.net,DNS:planet.gitoyen.net'
$ bash bootstrap-letsencrypt.sh gitoyen gitoyen.net 'DNS:gitoyen.net,DNS:www.gitoyen.net'
##### gitoyen.net #####
Parsing account key...
Parsing CSR...
Registering account...
Already registered!
Verifying planet.gitoyen.net...
planet.gitoyen.net verified!
Verifying www.gitoyen.net...
www.gitoyen.net verified!
Verifying gitoyen.net...
gitoyen.net verified!
Signing certificate...
......@@ -115,7 +115,7 @@ server {
listen 443;
ssl on;
client_max_body_size 20M;
server_name gitoyen.net planet.gitoyen.net asrall.sebian.fr;
server_name gitoyen.net www.gitoyen.net;
ssl_certificate /etc/letsencrypt/pem/gitoyen.net.pem;
ssl_certificate_key /etc/letsencrypt/private/gitoyen.net.key;
ssl_session_timeout 5m;
......@@ -172,8 +172,8 @@ Dans la conf `main.mk` de checkmk:
# /etc/checkmk/main.mk
legacy_checks = [
## Gitoyen
( ( "check-certificate!gitoyen.net", "Certificate Gitoyen - Letsencrypt", True), ['baloo.sebian.fr']),
( ( "check-certificate!planet.gitoyen.net", "Certificate Planet Gitoyen - Letsencrypt", True), ['baloo.sebian.fr']),
( ( "check-certificate!gitoyen.net", "Certificate Gitoyen - Letsencrypt", True), ['baloo.gitoyen.net']),
( ( "check-certificate!www.gitoyen.net", "Certificate www Gitoyen - Letsencrypt", True), ['baloo.gitoyen.net']),
]
```
......@@ -200,14 +200,14 @@ le check passe en warning avec ce mini script bash.
```bash
#!/bin/bash
account='asrall'
certs='gitoyen.net planet.gitoyen.net'
account='gitoyen'
certs='gitoyen.net www.gitoyen.net'
pushd /etc/letsencrypt
for cert in $certs
do
echo "##### ${cert} #####"
acme_tiny.py --account-key ./private/labriqueinternet.key --csr ./csr/${cert}.csr --acme-dir /etc/letsencrypt/challenges/${cert}/ > ./certs/${cert}.crt
acme_tiny.py --account-key ./private/gitoyen.key --csr ./csr/${cert}.csr --acme-dir /etc/letsencrypt/challenges/${cert}/ > ./certs/${cert}.crt
cat ./certs/${cert}.crt ./pem/intermediate.pem > ./pem/${cert}.pem
done
popd
......@@ -216,4 +216,4 @@ systemctl restart nginx
## Chocolat
Même si le modèle des CA et bancal, il n'y a plus de raison maintenant de ne pas proposer du HTTPS partout!
Même si le modèle des CA est bancal, il n'y a plus de raison maintenant de ne pas proposer du HTTPS partout!
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment