|
|
@@ -72,13 +72,9 @@ Database configuration can be changed using `knotc conf-*` commands, see [Knot D
|
|
|
#### Directories
|
|
|
|
|
|
```shell
|
|
|
-mkdir /srv/servnest/reg
|
|
|
-chown -R servnest:knot /srv/servnest/reg
|
|
|
-chmod -R u=rwX,g=rwX,o= /srv/servnest/reg
|
|
|
-
|
|
|
-mkdir /srv/servnest/ns
|
|
|
-chown -R servnest:knot /srv/servnest/ns
|
|
|
-chmod -R u=rwX,g=rwX,o= /srv/servnest/ns
|
|
|
+mkdir /srv/servnest/reg /srv/servnest/ns
|
|
|
+chown -R servnest:knot /srv/servnest/reg /srv/servnest/ns
|
|
|
+chmod -R u=rwX,g=rwX,o= /srv/servnest/reg /srv/servnest/ns
|
|
|
```
|
|
|
|
|
|
#### Registry files initialisation
|
|
|
@@ -204,6 +200,14 @@ This method also requires manual operations for renewal.
|
|
|
|
|
|
The nginx configuration provided above uses the self-signed key pair at the locations set in the `openssl` command above. Replace those by the ones Certbot told you and reload nginx configuration.
|
|
|
|
|
|
+Allow nginx to access certificates:
|
|
|
+```shell
|
|
|
+mkdir -p /etc/letsencrypt/archive/ /etc/letsencrypt/live/
|
|
|
+chmod 710 /etc/letsencrypt/archive/ /etc/letsencrypt/live/
|
|
|
+chown root:nginx /etc/letsencrypt/archive/ /etc/letsencrypt/live/
|
|
|
+/root/certbot-deploy-hook.sh
|
|
|
+```
|
|
|
+
|
|
|
### Apache HTTP Server
|
|
|
|
|
|
Apache in distributions is usually named `httpd`, `apache` or `apache2`. Adapt these instructions as appropriate.
|
Miraty