installation: set permissions for /etc/letsencrypt/

2023-05-06 17:26:17 +02:00 · 2023-05-06 17:26:17 +02:00 · 25b1d30cbe
commit 25b1d30cbe
parent a83ae30ce7
1 changed files with 11 additions and 7 deletions
--- a/DOCS/installation.md
+++ b/DOCS/installation.md
@ -72,13 +72,9 @@ Database configuration can be changed using `knotc conf-*` commands, see [Knot D
 #### Directories

 ```shell
-mkdir /srv/servnest/reg
-chown -R servnest:knot /srv/servnest/reg
-chmod -R u=rwX,g=rwX,o= /srv/servnest/reg
-
-mkdir /srv/servnest/ns
-chown -R servnest:knot /srv/servnest/ns
-chmod -R u=rwX,g=rwX,o= /srv/servnest/ns
+mkdir /srv/servnest/reg /srv/servnest/ns
+chown -R servnest:knot /srv/servnest/reg /srv/servnest/ns
+chmod -R u=rwX,g=rwX,o= /srv/servnest/reg /srv/servnest/ns
 ```

 #### Registry files initialisation
@ -204,6 +200,14 @@ This method also requires manual operations for renewal.

 The nginx configuration provided above uses the self-signed key pair at the locations set in the `openssl` command above. Replace those by the ones Certbot told you and reload nginx configuration.

+Allow nginx to access certificates:
+```shell
+mkdir -p /etc/letsencrypt/archive/ /etc/letsencrypt/live/
+chmod 710 /etc/letsencrypt/archive/ /etc/letsencrypt/live/
+chown root:nginx /etc/letsencrypt/archive/ /etc/letsencrypt/live/
+/root/certbot-deploy-hook.sh
+```
+
 ### Apache HTTP Server

 Apache in distributions is usually named `httpd`, `apache` or `apache2`. Adapt these instructions as appropriate.