171 | | * [wiki:ordering-cartel-x509-certificates Purchase/activate an x509 certificate]. The certificate signing request will already be generated by puppet and is on the guest server in /etc/ssl/<guestname>.mayfirst.org.csr. |
172 | | * Once you have the certificate: |
173 | | * remove the symlink /etc/ssl/<guestname>.mayfirst.org.crt |
174 | | * create a new file with the same name containing the cert and the intermediate cert. |
175 | | * remove the symlink /etc/ssl/private/<guestname>.mayfirst.org.pem. |
176 | | * rename /etc/ssl/private/<guestname>.mayfirst.org.key.uncertified to /etc/ssl/private/<guestname>.mayfirst.org.pem |
177 | | * add the cert and intermediate cert to this file (courier needs both the key and cert in the same file |
| 171 | * [wiki:letsencrypt setup x509 certificates]. |