Last active
December 9, 2021 01:35
-
-
Save haferman/590b1735d3077b2de21c503f6c0a4ecb to your computer and use it in GitHub Desktop.
steps to enable TLS for attestations
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 1. create DNS "A" record (link ip address with FQDN) | |
| 2. make sure port 443 is open | |
| 3. sudo apt install nginx | |
| 4. stop attestation-service (so we can get certificate on default port 80) | |
| 5. sudo systemctl start nginx | |
| 6. sudo systemctl enable nginx | |
| 7. https://certbot.eff.org/instructions?ws=nginx&os=ubuntubionic | |
| (sudo snap install --classic certbot; sudo ln -s /snap/bin/certbot /usr/bin/certbot; sudo certbot --nginx) | |
| 8. sudo vi /etc/nginx/sites-available/default (doc root change to /dev/null so that http://ipaddress will fail) | |
| 9. attestation.config should point to new port (8080) | |
| 10. attestation-service should use new port (8080) | |
| 11. sudo systemctl restart nginx | |
| 12. update CELO_ATTESTATION_SERVICE_URL (only used by metadata) | |
| 13. start attestation-service | |
| 14. update metadata | |
| 15. update nexmo callback URLs | |
| 16. make backup of “default” file | |
| NOTE: to delete a no longer needed certificate: "sudo certbot delete" or "sudo certbot delete --cert-name example.com" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment