YunoHost/doc
1
0
Fork 0
mirror of https://github.com/YunoHost/doc.git synced 2024-09-03 20:06:26 +02:00
Code Issues Projects Releases Packages Wiki Activity

Typos / comments from @julienmalik

Browse source
This commit is contained in:
Alexandre Aubin 2017-01-14 19:54:39 +01:00 committed by GitHub
parent adaafda428
commit 742532acae
1 changed files with 12 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
certmanager.md
View file

@ -6,7 +6,7 @@ Managing certificates with Yunohost
----------------------------------- -----------------------------------
The main feature of the certificate manager is to allow you to install Let's The main feature of the certificate manager is to allow you to install Let's
Encrypt certificate on your domains without plain. You can use it from the web Encrypt certificate on your domains without pain. You can use it from the web
administration (*SSL certificate* on a given domain info page), or from the administration (*SSL certificate* on a given domain info page), or from the
command line with `yunohost domain cert-status`, `cert-install` and command line with `yunohost domain cert-status`, `cert-install` and
`cert-renew`. `cert-renew`.
@ -25,10 +25,10 @@ run every day and attempt to renew any certificate that will expire in less than
#### I want/need to use a certificate from a different CA than Let's Encrypt. #### I want/need to use a certificate from a different CA than Let's Encrypt.
This is not supported yet. You might need to manually create Certificate Signing This cannot be done automatically for now. You will need to manually create a
Request (CSR) to be given to your CA, and manually import the certificate you Certificate Signing Request (CSR) to be given to your CA, and manually import
got from it. Check out [this page](certificate) for more info. This process the certificate you get from it. Check out [this page](certificate) for more
might made easier by Yunohost in the future. info. This process might be made easier by Yunohost in the future.
Migration procedure Migration procedure
-------------------- --------------------
@ -40,10 +40,10 @@ This is especially true for nohost.me / noho.st users (and other domains service
sharing a common subdomain). If too many people migrate during the same period sharing a common subdomain). If too many people migrate during the same period
of time, you might get stuck with a self-signed certificate for a few days ! of time, you might get stuck with a self-signed certificate for a few days !
#### I used the *letsencrypt_ynh* app. #### I used the *letsencrypt_ynh* app
You will be asked to uninstall the app before being able to use the new You will be asked to uninstall the app before being able to use the new
management feature. You can do it from the web administration interface, of from management feature. You can do it from the web administration interface, or from
the command line with : the command line with :
```bash ```bash
@ -53,10 +53,10 @@ yunohost domain cert-install
Be aware that the first command will revert your domains to self-signed Be aware that the first command will revert your domains to self-signed
certificate. The second command will attempt to reinstall a Let's Encrypt certificate. The second command will attempt to reinstall a Let's Encrypt
certificate on all your domains which have self-signed certificate. certificate on all your domains which have a self-signed certificate.
#### I manually installed my certificates. #### I manually installed my Let's Encrypt certificates
You should go in your nginx configuration, and remove the `letsencrypt.conf` (or You should go in your nginx configuration, and remove the `letsencrypt.conf` (or
whatever you called the file containing the `location whatever you called the file containing the `location
@ -126,7 +126,7 @@ whole process relies on trust in third parties called Certification Authorities
effectively controls the domain `ilikecoffee.com`) before delivering effectively controls the domain `ilikecoffee.com`) before delivering
[cryptographic certificates](https://en.wikipedia.org/wiki/Public_key_certificate). [cryptographic certificates](https://en.wikipedia.org/wiki/Public_key_certificate).
#### Why do browsers complain about self-signed certificate ? #### Why do browsers complain about self-signed certificates ?
Self-signed certificates are, as their name says, self-signed, meaning that you Self-signed certificates are, as their name says, self-signed, meaning that you
were your own certification authority in the process. Such a certificate does were your own certification authority in the process. Such a certificate does
@ -141,7 +141,7 @@ human intervention, time and money.
In 2015, Let's Encrypt, developped a protocol called In 2015, Let's Encrypt, developped a protocol called
[ACME](https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment), [ACME](https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment),
that allow to automatically verify that a machine controls a domain and deliver which allows to automatically verify that a machine controls a domain, and deliver
certificates for free, drastically reducing the cost of setting up a SSL certificates for free, drastically reducing the cost of setting up a SSL
certificate. certificate.
@ -150,7 +150,7 @@ certificate.
To verify your server's identity and deliver the certificate, Let's Encrypt uses To verify your server's identity and deliver the certificate, Let's Encrypt uses
the [ACME the [ACME
protocol](https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment). It protocol](https://en.wikipedia.org/wiki/Automated_Certificate_Management_Environment). It
basically works as follow (it's simplified, but you get the idea) : basically works as follow (it's simplified, but you'll get the idea) :
- A program running on your server contacts the Let's Encrypt CA server, ask for - A program running on your server contacts the Let's Encrypt CA server, ask for
a certificate for domain `ilikecoffee.com`. a certificate for domain `ilikecoffee.com`.
- The Let's Encrypt CA server generates a random string such as `A84F2D0B`, and - The Let's Encrypt CA server generates a random string such as `A84F2D0B`, and