Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • ssh to the server

  • install the certbot manually

  • Stop traefik to free port 80

  • Generate certificate and copy them to traefik folder (and chown to grasshopper:developers)

  • Edit traefik.toml

    • remove acme part

    • add manual certificates

  • edit docker-compose and mount the certificates in the container

  • ???

  • PROFIT!!

Instructions for renewal

Since the initial mitigation, the steps for renewal have become simpler.

  • docker stop myaegee_traefik_1 (to free port 80)

  • certbot renew

  • copy fullchain.pem and privkey.pem from /etc/letsencrypt/live to traefik cert folder

  • docker restart myaegee_traefik_1

Notes

This should not happen again as we will migrate to MyAEGEE v2 soon, which will get rid of Ubuntu 16 (I was even afraid I could not install certbot there..!) and Traefik 1.7.x