[AC-Admins] irc.anthrochat.net
Scott Garron
simba at anthrochat.net
Tue Oct 18 20:54:33 EDT 2016
On 10/18/2016 06:30 PM, Scott Garron wrote:
> If each of the servers exports the DocumentRoot directory for
> http://servername.anthrochat.net/ via NFS
Now that I read more about it, it turns out that the http-01 ACME
verification process that letsencrypt uses will follow HTTP redirects,
which would be way easier to implement than NFS mounts. So if everyone
can just add an httpd (apache, nginx, lighttpd), listening on port 80,
to their servers and set it up to redirect similarly to the following, I
can do the rest of the work to obtain the certificates:
<VirtualHost *:80>
ServerName lion.anthrochat.net
ServerAlias irc.anthrochat.net
Redirect /.well-known/ http://le.anthrochat.net/
Redirect / http://www.anthrochat.net/
</VirtualHost>
(replacing "lion" with your own server's name [bear, cheetah, husky,
otter, snowleopard], of course)
Then, we'll need to work on a way for me to push the certs to all
of the servers. If the IRCds are owned by a separate user, I can just
give you an SSH public key to plop in ~/.ssh/authorized_keys , then set
up a script to SCP the certs over and rehash the service:
ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAIHgxC0wq9hxJGKkHoHaQSRtk+lKlKsxhcLst/H6jKbQZ
root at eola
--
Simba
More information about the Admins
mailing list