Skip to content
Snippets Groups Projects
Commit 3504e440 authored by Florian Sesser's avatar Florian Sesser
Browse files

Update ops docs: No need for manually creating TLS keys anymore

Since !146 (merged on 2021-09-07) we let the NixOS Let's Encrypt integration
with NGINX handle TLS.  That integration cares for interim self-signed certs
until real ones are aquired.  The section about creating TLS certs by hand so
the service will start is obsolote.
parent ff5081e9
Branches
No related tags found
2 merge requests!228merge develop into production,!212Update ops docs: No need for manually creating TLS keys for the payment server anymore
Pipeline #1472 passed
......@@ -42,17 +42,6 @@ For example::
echo -n "SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE=" > ristretto.signing-key
ZKAP-Issuer TLS
```````````````
The ZKAPIssuer.service needs a working TLS certificate and expects it in the certbot directory for the domain you configured, in my case::
openssl req -x509 -newkey rsa:4096 -nodes -keyout privkey.pem -out cert.pem -days 3650
touch chain.pem
Move the three .pem files into the payment's server ``/var/lib/letsencrypt/live/payments.localdev/`` directory and issue a ``sudo systemctl restart zkapissuer.service``.
Monitoring VPN
``````````````
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment