Fedora Magazine: Gitlab, Pelican and Let’s Encrypt for a secure blog

The Fedora Community is considering requiring https for blogs to be published on fedoraplanet.org. While it is currently possible to host an SSL blog on both github or gitlab pages only gitlab supports SSL for custom domains. This article is a tutorial on how to use Pelican and Let’s Encrypt to produce a blog hosted on gitlab pages.

The first step is to create the directory structure to support the verification process used by Let’s Encrypt. This process involves serving a page from a hidden directory. To create the directory

mkdir -p .well-known/acme-challenge

At this point you need to install certbot so you can request a certificate from your computer.

sudo dnf install certbot

After the install is complete you would issue the command to generate a certificate for a remote site.

certbot certonly -a manual -d yoursite.com --config-dir ~/letsencrypt/config --work-dir ~/letsencrypt/work --logs-dir ~/letsencrypt/logs

replace ‘yoursite.com’ with your chosen site. The results will be as follows. The log string for the file name and contents will be different.

Make sure your web server displays the following content at
 http://yoursite.com/.well-known/acme-challenge/uF2HODXEnO98ZRBLhDwFR0yOpGkyg0UyP4QZHImDfd1 before continuing:


If you don't have HTTP server configured, you can run the following
 command on the target server (as root):

mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
 cd /tmp/certbot/public_html
 printf "%s" uF2HODXEnO98ZRBLhDwFR0yOpGkyg0UyP4QZHImJ8qY.imp4JScFS23eaYWG4tF5e9TSRfGwDuFMmkQTiqN73t8 > .well-known/acme-challenge/uF2HODXEnO98ZRBLhDwFR0yOpGkyg0UyP4QZHImDfd1
# run only once per server: $(command -v python2 || command -v python2.7 || command -v python2.6) -c  "import BaseHTTPServer, SimpleHTTPServer;  s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler);  s.serve_forever()" Press ENTER to continue


 - Congratulations! Your certificate and chain have been saved at
 Your cert will expire on 2017-05-19. To obtain a new or tweaked
 version of this certificate in the future, simply run certbot
 again. To non-interactively renew *all* of your certificates, run
 "certbot renew"
 - If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 Donating to EFF:                    https://eff.org/donate-le


Source From: fedoraplanet.org.
Original article title: Fedora Magazine: Gitlab, Pelican and Let’s Encrypt for a secure blog.
This full article can be read at: Fedora Magazine: Gitlab, Pelican and Let’s Encrypt for a secure blog.


Random Article You May Like

Leave a Reply

Your email address will not be published. Required fields are marked *