Switch from acmetool to certbot for SSL certificate retrieval

2018-08-29 09:37:44 +03:00
parent d5346656e3
commit 23e4a4734b
9 changed files with 164 additions and 75 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,21 @@
+# 2018-08-29
+
+## Changing the way SSL certificates are retrieved
+
+We've been using [acmetool](https://github.com/hlandau/acme) (with the [willwill/acme-docker](https://hub.docker.com/r/willwill/acme-docker/) Docker image) until now.
+
+Due to the Docker image being deprecated, and for things looking bleak for acmetool's support of the newer ACME v2 API endpoint, we've switched to using [certbot](https://certbot.eff.org/) (with the [certbot/certbot](https://hub.docker.com/r/certbot/certbot/) Docker image).
+
+Simply re-running the playbook will retrieve new certificates for you.
+To ensure you don't leave any old files behind, though, you'd better do this:
+
+- `systemctl stop matrix*`
+- stop your custom webserver, if you're running one (only affects you if you've installed with `matrix_nginx_proxy_enabled: false`)
+- `mv /matrix/ssl /matrix/ssl-acmetool-delete-later`
+- re-run the playbook's [installation](docs/installing.md)
+- possibly delete `/matrix/ssl-acmetool-delete-later`
+
+
 # 2018-08-21

 ## Matrix Corporal support