From 242dbfd72cb5b5a26de6afdd3e8db0119431efe6 Mon Sep 17 00:00:00 2001 From: Sean Enck Date: Tue, 10 Apr 2018 21:15:46 -0400 Subject: [PATCH] how do you do let's encrypt? let's move this from an issue to the FAQ, this probably takes care of #118 and #231 well enough to at least resolve them and start using the md/docs --- docs/MANUAL.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/MANUAL.md b/docs/MANUAL.md index 1bab2b72..2bdc7a0e 100644 --- a/docs/MANUAL.md +++ b/docs/MANUAL.md @@ -215,6 +215,17 @@ If you're familiar with getting this output through your client (e.g. in weechat Otherwise, in the Oragono config file, you'll want to enable raw line logging by removing `-userinput -useroutput` under the `logging` section. Once you start up your server, connect, fail to oper and get disconnected, you'll see a bunch of input/output lines in Ora's log file. Remove your password from those logs and pass them our way. +## How do I use Let's Encrypt certificates? + +1. Follow the [guidance](https://letsencrypt.org/getting-started/) from Let's Encrypt to create your certificates +2. You should now have a set of `pem` files (in Linux you will), mainly we're interested in your `live/` Let's Encrypt directory (e.g. `/etc/letsencrypt/live//`) +3. Edit your configuration yaml file + 1. Change the `cert: tls.crt` to point to your `/etc/letsencrypt/live//fullchain.pem` + 2. Change the `key: tls.key` to point to your `/etc/letsencrypt/live//privkey.pem` +4. If you are using auto-renew via Let's Encrypt you may want to have a service or timer send a SIGHUP to the oragono process to reload the configuration and certs + 1. e.g. you could edit the `certbot.service` and add the following `ExecStartPost=/usr/bin/kill -HUP $(/usr/bin/pidof oragono)` + +This was originally discussed [here](https://github.com/oragono/oragono/issues/118) --------------------------------------------------------------------------------------------
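Review bot: In step 4.1 the suggested `ExecStartPost=/usr/bin/kill -HUP $(/usr/bin/pidof oragono)` will not behave as written, because systemd does not run Exec lines through a shell and never performs `$(...)` command substitution. Run the command through `/bin/sh -c '...'` instead, and recommend a drop-in override rather than editing the packaged `certbot.service`, which a package update can replace. The paths in steps 2 and 3 read `/etc/letsencrypt/live//`, which looks like a lost domain placeholder; a form such as `live/example.com/` would survive Markdown rendering. Step 3 could also note that, if oragono runs as an unprivileged user, that user needs read access to `privkey.pem`, granted narrowly rather than by opening up the whole Let's Encrypt directory.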