From 8393f1b1b5619a81a0e117db2b7c8d3295acca02 Mon Sep 17 00:00:00 2001
From: Florian Sesser <florian@privatestorage.io>
Date: Wed, 5 May 2021 20:21:00 +0000
Subject: [PATCH] Self-signed TLS key for the payment server

---
 morph/grid/local/README.rst | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/morph/grid/local/README.rst b/morph/grid/local/README.rst
index 4f5b59d2..e4d07e12 100644
--- a/morph/grid/local/README.rst
+++ b/morph/grid/local/README.rst
@@ -48,6 +48,7 @@ Here is a Ristretto key you can use, randomly generated just now::
 
 Generate your own like this::
 
+  [flo@la:~/PrivateStorageio]$ nix-shell
   [nix-shell:~/PrivateStorageio]$ nix-shell -p zkapissuer.components.exes.PaymentServer-generate-key
   [nix-shell:~/PrivateStorageio]$ PaymentServer-generate-key
   SILOWzbnkBjxC1hGde9d5Q3Ir/4yLosCLEnEQGAxEQE=
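Review bot: The added prompt line `[flo@la:~/PrivateStorageio]$ nix-shell` carries a personal user and host name, while the two lines after it use the generic `[nix-shell:~/PrivateStorageio]$` prompt. Suggest a neutral prompt such as `$ nix-shell` so the README does not embed one developer's machine details. A short sentence saying that the first `nix-shell` is run from the repository root before the nested `nix-shell -p ...` would also make the reason for the two-step invocation clear.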
@@ -63,6 +64,13 @@ I think this will work for generating random Stripe secret keys (that our softwa
 
 Public keys are the same but "pk_test" instead of "sk_test" ("test" is for "test mode" key that can only process pretend txns; for real txns there are keys with "live" embedded).
 
+The ZKAPIssuer.service needs a working TLS certificate and expects it in the certbot directory for the domain you configured, in my case::
+
+  openssl req -x509 -newkey rsa:4096 -nodes -keyout privkey.pem -out cert.pem -days 3650
+  touch chain.pem
+
+Move the three .pem files into the payment's server ``/var/lib/letsencrypt/live/payments.localdev/`` directory and issue a ``sudo systemctl restart zkapissuer.service``.
+
 
 Use the local development environment
 `````````````````````````````````````
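Review bot: The sentence ending "in my case::" promises the certbot directory but the literal block that follows holds the `openssl req` and `touch chain.pem` commands, and the directory only appears in the next paragraph. Suggest stating the path `/var/lib/letsencrypt/live/payments.localdev/` first and then introducing the commands with their own sentence. The `openssl req` line has no `-subj`, so it will prompt interactively and nothing ties the certificate's name to `payments.localdev`; say what to enter or pass the subject on the command line. Because `-nodes` writes `privkey.pem` unencrypted, the move step should state the owner and mode the key needs so it is readable by the service only. It is also worth saying explicitly that this self-signed certificate with `-days 3650` and an empty `chain.pem` is for the local development grid only. Minor wording: "the payment's server" should read "the payment server's".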
-- 
GitLab