The Fedora Community is considering requiring HTTPS for blogs published on fedoraplanet.org. While it is currently possible to host an SSL blog on either GitHub Pages or GitLab Pages, only GitLab supports SSL for custom domains. This article is a tutorial on how to use Pelican and Let’s Encrypt to produce a blog hosted on GitLab Pages.
The first step is to create the directory structure to support the verification process used by Let’s Encrypt. This process involves serving a page from a hidden directory. To create the directory:
mkdir -p .well-known/acme-challenge
At this point you need to install certbot so you can request a certificate from your computer.
sudo dnf install certbot
After the install is complete, issue the following command to generate a certificate for a remote site.
certbot certonly -a manual -d yoursite.com --config-dir ~/letsencrypt/config --work-dir ~/letsencrypt/work --logs-dir ~/letsencrypt/logs
Replace ‘yoursite.com’ with your chosen site. The results will be as follows. The long string for the file name and contents will be different.
Make sure your web server displays the following content at
http://yoursite.com/.well-known/acme-challenge/uF2HODXEnO98ZRBLhDwFR0yOpGkyg0UyP4QZHImDfd1 before continuing:

uF2HODXEnO98ZRBLhDwFR0yOpGkyg0UyP4QZHImJ8qY.imp4JScFS23eaYWG4tF5e9TSRfGwDuFMmkQTiqN73t8

If you don't have HTTP server configured, you can run the following
command on the target server (as root):

mkdir -p /tmp/certbot/public_html/.well-known/acme-challenge
cd /tmp/certbot/public_html
printf "%s" uF2HODXEnO98ZRBLhDwFR0yOpGkyg0UyP4QZHImJ8qY.imp4JScFS23eaYWG4tF5e9TSRfGwDuFMmkQTiqN73t8 > .well-known/acme-challenge/uF2HODXEnO98ZRBLhDwFR0yOpGkyg0UyP4QZHImDfd1
# run only once per server:
$(command -v python2 || command -v python2.7 || command -v python2.6) -c "import BaseHTTPServer, SimpleHTTPServer; s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); s.serve_forever()"
Press ENTER to continue

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /home/cprofitt/letsencrypt/config/live/hub.cprofitt.com/fullchain.pem.
   Your cert will expire on 2017-05-19. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
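Before pressing ENTER at the certbot prompt, it is worth confirming that each challenge file matches what the Let's Encrypt validator will fetch: a file named after the token, whose body is the token, a dot, and the 43-character base64url SHA-256 thumbprint of the account key (the key authorization defined in RFC 8555). The shell functions below are an added example, not part of the original article or of certbot; the names check_challenge and check_challenge_dir are hypothetical.

```sh
# Added example: validate ACME HTTP-01 challenge files before continuing.
# Function names are hypothetical; nothing here is part of certbot.

# check_challenge FILE
#   0 = well-formed and named after its token
#   1 = body is not "<token>.<43-char base64url thumbprint>"
#   2 = token in the body differs from the file name
#   3 = file unreadable
check_challenge() {
    file=$1
    name=${file##*/}
    [ -r "$file" ] || return 3
    # $(...) drops trailing newlines; RFC 8555 says the server should
    # ignore trailing whitespace in the response body as well.
    body=$(cat "$file")
    case $body in
        *.*) ;;
        *) return 1 ;;
    esac
    token=${body%%.*}
    thumb=${body#*.}
    # Both parts may contain only base64url characters (A-Z a-z 0-9 _ -).
    case $token in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    case $thumb in *[!A-Za-z0-9_-]*) return 1 ;; esac
    # A SHA-256 JWK thumbprint is 32 bytes = 43 unpadded base64url characters.
    [ "${#thumb}" -eq 43 ] || return 1
    [ "$token" = "$name" ] || return 2
    return 0
}

# check_challenge_dir DIR: report every file, return the number of failures.
check_challenge_dir() {
    bad=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        rc=0
        check_challenge "$f" || rc=$?
        case $rc in
            0) echo "ok: $f" ;;
            1) echo "malformed key authorization: $f"; bad=$((bad + 1)) ;;
            2) echo "token does not match file name: $f"; bad=$((bad + 1)) ;;
            *) echo "unreadable: $f"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}
```

Source the file and run check_challenge_dir .well-known/acme-challenge from the directory where the mkdir command above was run.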
Source From: fedoraplanet.org.
Original article title: Fedora Magazine: Gitlab, Pelican and Let’s Encrypt for a secure blog.