cybersavior(7)

Process we use for renewing certificates

process compiled from the excellent guides below.
this process is predicated on already having done some legwork on the initial setup (from the guides below), which is not repeated here as it's no longer needed.


first, on the linux machine, run:

certbot certonly --manual -d cybersavior.dev -d '*.cybersavior.dev'
follow the certbot prompts until you reach the challenge that requires adding a file under .well-known on the http server.

drawterm into Temuorin
reboot Temuorin to take ip/httpd/httpd down
that this works is not ideal; it should be set up as a service, but i have had issues making that work, and in this specific case it's good, because the challenge requires http, but .dev domains require https normally, so i don't run http at all normally. killing nobody processes is annoying, so reboot is easier in my opinion

once Temuorin comes up run

ip/httpd/httpd
then add the challenge file to /usr/www
finish challenge process after verifying it can be wget-ed in linux
open a sudo drawterm into myugii

cd /sys/lib/tls/
cp /mnt/term/etc/letsencrypt/live/cybersavior.dev/privkey.pem ./
cp /mnt/term/etc/letsencrypt/live/cybersavior.dev/fullchain.pem ./cert
rm key
auth/pemdecode 'PRIVATE KEY' privkey.pem | auth/asn12rsa -t 'service=tls role=client' > key
rm privkey.pem
chmod 400 key
reboot (i don't think it's strictly necessary, but i wanna make sure the new key is being used and this is all working proper)

we no longer need the sudo drawterm for myugii
then back to Temuorin to start httpd

ip/httpd/httpd -c /sys/lib/tls/cert -C /sys/lib/tls/cert
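
A check for the linux side of this process, added here as an example and not part of the original write-up: it confirms that fullchain.pem and privkey.pem belong together and that the certificate is not about to expire before `rm key` is run on myugii, and it gives a fingerprint to compare against what httpd serves afterwards. It assumes openssl is installed on the linux machine; the function names are made up for this example.

```shell
# Added example (not from the original page). Source this file on the linux
# machine after certbot finishes, then call: renewal_check
# LIVE is the certbot directory used in the steps above.
LIVE=${LIVE:-/etc/letsencrypt/live/cybersavior.dev}

# True when the certificate's public key equals the one derived from the
# private key. Returns 2 if either file cannot be parsed, so an unreadable
# file is never mistaken for a match.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# SHA-256 fingerprint of the first (leaf) certificate in a PEM file.
local_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the certificate a live server presents (needs network).
served_fingerprint() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Gate to run before copying anything into /sys/lib/tls.
renewal_check() {
    cert=${1:-$LIVE/fullchain.pem} key=${2:-$LIVE/privkey.pem}
    cert_matches_key "$cert" "$key" ||
        { echo "cert/key mismatch or unreadable" >&2; return 1; }
    cert_valid_for_days "$cert" 30 ||
        { echo "cert expires within 30 days" >&2; return 1; }
    echo "ok: $(local_fingerprint "$cert")"
}
```

Once httpd is back up on Temuorin, the output of `served_fingerprint cybersavior.dev` should equal `local_fingerprint "$LIVE/fullchain.pem"`; if it still shows the old fingerprint, the old cert is the one being served.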
