Changes between Version 22 and Version 23 of faq/security/setup-certificate


Ignore:
Timestamp:
Nov 13, 2018, 11:00:46 AM (2 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • faq/security/setup-certificate

    v22 v23  
    1212 * Log in via https://members.mayfirst.org/cp.
    1313 * Choose the "Web Configuration" section.
    14  * Edit your web configuration and remove any domains from ServerAlias or ServerName that are a sub-domain of mayfirst.org (e.g. yourorg.mayfirst.org). You should only have your own personal domains listed (this is temporary until #12045 is resolved).
    15  * Be sure that the DNS entries for any domains entered as ServerName or ServerAlias actually resolve to the ip number of your website host.
    16  * Edit your web configuration and change the "Port" field to "auto".
     14[[Image(https-configuration.png)]]
     15 * Edit your web configuration and remove any domains from the domain names section that are not properly working or have expired (if there are any).
     16 * Change Encryption from http to https.
    1717 * Click "Submit".
     18
     19
     20== What if I already have an https web site? ==
     21
     22Some members already have their own https certificates and keys. If you click the Advanced button, you will see them listed.
     23
     24If you want to switch from using your own https certificate and key to using our automatic and free Let's Encrypt certificate and key, simply delete the path to your certificate and key from the TLS Key path and TLS Cert path fields.
    1825
    1926== How does it work? ==
    2027
    21 You have several options when choosing to configure your web sites. Each site will have and does need at least one web configuration item.
    22 
    23 === auto ===
    24 
    25 The best option is to use "auto." When your web site is configured to use auto, then:
    26 
    27  * A [https://letsencrypt.org/ letsencrypt] certificate will be automatically generated at no cost for all the domains in your web configuration (both Server Name and Server Alias).
    28  * This certificate will be automatically updated every three months
    29  * All requests sent via http will be automatically redirected to https
    30 
    31 === http ===
    32 
    33 If you prefer,  you can opt instead to have an http-only site by choosing http.
    34 
    35 === https ===
    36 
    37 You may also wish to use your own certificates, in which case select "https" and specify the `SSLEngine On`, `SSLCertificateKeyFile`, and `SSLCertificateFile` parameters in your configuration that point to the appropriate files. If your web configuration has only an https item, you won't have an http site at all. Note that this means anyone trying to reach your site with http will get an "Error 404 Server not found" message.
    38 
    39 === Both http and https ===
    40 
    41 You can also choose to have a different web configuration for http and https or control the redirecting in a more fine-tuned way. For sites that have https enabled with a certificate that they purchased or obtained themselves, their web configuration will have two items: one for each http and https.
    42 
    43 == What if I already have an https web site? ==
    44 
    45 You can easily convert your site from an https web site to an auto web site.
    46 
    47 If you have both an http and an https web configuration, you must first delete the http one.
    48 
    49 Then, edit the https site, remove the SSL lines, and change it to auto.
    50 
    51 
    52 == Do I need to make any additional changes to my website internal configuration? ==
    53 
    54 This depends on how your website has been created. For WordPress sites it is necessary to [https://support.mayfirst.org/wiki/how-to/wordpress/change-site-url change the siteurl] and any internal references to the http version of the site to the https version. If you are using Drupal and you have explicity set the {{{$base_url}}} variable in your {{{default/settings.php}}} file you will need to update that value, otherwise the change should be automatic. html only sites will have to have their internal URL's updated manually.
     28Our control panel is integrated with a free services called [https://letsencrypt.org/ Let's Encrypt]. They provide automated 3 month certificates free of charge. We have a regular scheduled job that will automatically renew your certificates every three months to ensure they are kept up to date.