[[TranslatedPages]]
[[PageOutline]]

= How to configure x509 on any MF/PL Server using letsencrypt =

== If this is for a regular web site handled by our control panel ==

Follow the [wiki:faq/security/setup-certificate user facing documentation on setting up a x509 certificate].


== If the machine is a mosh ==

Edit the server's .pp file and add the following to the "m_mosh" class declaration:

{{{
  x509_method => "letsencrypt"
}}}

== If the server is not a mosh, but is running apache ==

Run:

{{{
mf-certbot /etc/apache2/sites-enables/SITE.CONF
}}}

Complete the path above pointing to the web configuration file configured to respond to the domains you want certified. 

== If the server is not a mosh and is running nginx ==

mf-certbot can parse nginx configs as well. Make sure you've set both the servername and root directive in your config file. You can drop the stanza below into your server block to deal with the authentication files.

{{{
    location /.well-known/ {
        root /var/www/html;
    }
}}}

== If the server not a mosh and is not running a web server ==

Run:

{{{
mf-certbot domain.org www.domain.org another.domain.org
}}}

== Updates ==

The letsecnrypt software will automatically update the certificates every 3 months

== To do ==

Add a restart command to the post-certify hook of letsecnrypt?