How to configure x509 on any MF/PL Server using letsencrypt
If this is for a regular web site handled by our control panel
Follow the user facing documentation on setting up a x509 certificate.
If the machine is a mosh
Edit the server's .pp file and add the following to the "m_mosh" class declaration:
x509_method => "letsencrypt"
If the server is not a mosh, but is running apache
Run:
mf-certbot /etc/apache2/sites-enables/SITE.CONF
Complete the path above pointing to the web configuration file configured to respond to the domains you want certified.
If the server is not a mosh and is running nginx
mf-certbot can parse nginx configs as well. Make sure you've set both the servername and root directive in your config file. You can drop the stanza below into your server block to deal with the authentication files.
location /.well-known/ { root /var/www/html; }
If the server not a mosh and is not running a web server
Run:
mf-certbot domain.org www.domain.org another.domain.org
Updates
The letsecnrypt software will automatically update the certificates every 3 months
To do
Add a restart command to the post-certify hook of letsecnrypt?