Pirate Praveen Mon 11 Jan 2016 6:59AM
@fayadfami I have started https://gitlab.com/piratemovin/diasp.in/wikis/home and you can delete the other repo.
vik@hamara Mon 11 Jan 2016 9:32AM
@praveenarimbrathod I am still seeing the old certificate and the expiry warning when trying to use xmpp. Is the certificate for the xmpp service handled differently?
Pirate Praveen Mon 11 Jan 2016 12:34PM
@vik yes, prosody configuration (/etc/prosody/prosody.cfg.lua) is still using the old certificates. /etc/nginx/sites-available/diasp.in has path for the new certificates. I'll update prosody now.
Pirate Praveen Mon 11 Jan 2016 12:38PM
@vik I have made the changes, can you confirm?
Pirate Praveen Mon 11 Jan 2016 12:55PM
Added prosody user to acl
sudo setfacl -m u:prosody:rx /etc/letsencrypt/live/
and
sudo setfacl -m u:prosody:rx /etc/letsencrypt/live/diasp.in
Pirate Praveen Mon 11 Jan 2016 1:21PM
acl's were not enough as it was a symlink. I changed group of /etc/letsencrypt/live and /etc/letsencrypt/archive and subdirectories to ssl-cert which includes prosody. I also made chmod g+rx for these. @manukrishnantv can you make sure new certs generated by letsencrypt has root:ssl-cert ownership?
vik@hamara Mon 11 Jan 2016 2:03PM
cool, xmpp is back up and running now
Pirate Praveen Mon 11 Jan 2016 2:51PM
https://xmpp.net/result.php?domain=diasp.in&type=server shpws our certficate score as B for allowing SSLv3. I think we should disable it.
I have documented these details at https://gitlab.com/piratemovin/diasp.in/wikis/tls @manukrishnantv @fayadfami @vik add anything missing there.
Fayad Fami Thu 14 Jan 2016 8:14PM
@praveenarimbrathod i don't have the rights to delete repositories. Can you remove piratemovin/diasp.in-wiki.
Fayad Fami · Mon 11 Jan 2016 6:52AM
Yes, that looks more organized.