| 171 | | * [wiki:ordering-cartel-x509-certificates Purchase/activate an x509 certificate]. The certificate signing request will already be generated by puppet and is on the guest server in /etc/ssl/<guestname>.mayfirst.org.csr. |
| 172 | | * Once you have the certificate: |
| 173 | | * remove the symlink /etc/ssl/<guestname>.mayfirst.org.crt |
| 174 | | * create a new file with the same name containing the cert and the intermediate cert. |
| 175 | | * remove the symlink /etc/ssl/private/<guestname>.mayfirst.org.pem. |
| 176 | | * rename /etc/ssl/private/<guestname>.mayfirst.org.key.uncertified to /etc/ssl/private/<guestname>.mayfirst.org.pem |
| 177 | | * add the cert and intermediate cert to this file (courier needs both the key and cert in the same file |
| | 171 | * [wiki:letsencrypt setup x509 certificates]. |
