[CentOS-mirror] Let's Encrypt certs for CentOS mirrors

Mon Jan 16 02:28:27 UTC 2017
Ryan Nix <ryan.nix at gmail.com>

Wish I could tell, but that is part of the magic. It’s literally just “certbot —apache”, go through the prompts, and voila, everything was configured. :)

> On Jan 15, 2017, at 8:14 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
> 
> 
> On Sun, January 15, 2017 7:54 pm, Ryan Nix wrote:
>> Terrific, thanks! The Certbot tool automatically configured Apache to
>> redirect all requests to 443 so I’m glad to hear yum will accept https.
>> 
> 
> Could you elaborate on how certbot reconfigures apache to redirect http to
> https on CentOS? How did you set certbot up, and which apache config
> file(s) were changes as result to make that redirect happen in your case?
> 
> I do use certbot on FreeBSD with apache (in jails), and certbot
> installation doesn't change anything in my case that can result in
> redirect. Whenever I need redirect I do it manually in one of apache's
> config files.
> 
> Valeri
> 
>> 
>>> On Jan 15, 2017, at 7:52 PM, Levi Pihema-Lindsay <levi at 2prointl.co <mailto:levi at 2prointl.co>>
>>> wrote:
>>> 
>>> Hey Ryan,
>>> 
>>> It's perfectly okay for you to deploy a mirror with SSL and plain HTTP,
>>> but bear in mind that mirrors will default to HTTP for simplicity
>>> (however, if you manually specify a mirror, yum will accept HTTPS)
>>> 
>>> -L
>>> 
>>>> On 16/01/2017, at 2:48 PM, Ryan Nix <ryan.nix at gmail.com <mailto:ryan.nix at gmail.com>> wrote:
>>>> 
>>>> Hi All,
>>>> 
>>>> Still haven’t heard back about whether it’s ok to use SSL on our
>>>> mirror. If it is, it looks like ours might be once of the first to do
>>>> so? Not seeing any mirrors wth https:
>>>> https://www.centos.org/download/mirrors/ <https://www.centos.org/download/mirrors/>
>>>> 
>>>> At any rate, if this ok to do, it would be great if all mirrors started
>>>> adopting https on their public CentOS mirror. Certbot makes it
>>>> incredibly easy to deploy a free Let’s Encrypt cert on your mirror,
>>>> and it literally only takes about 30 seconds to run this nifty tool.
>>>> https://certbot.eff.org
>>>> 
>>>> - Ryan
>>>> 
>>>> 
>>>> 
>>>> _______________________________________________
>>>> CentOS-mirror mailing list
>>>> CentOS-mirror at centos.org
>>>> https://lists.centos.org/mailman/listinfo/centos-mirror
>>> 
>>> _______________________________________________
>>> CentOS-mirror mailing list
>>> CentOS-mirror at centos.org
>>> https://lists.centos.org/mailman/listinfo/centos-mirror
>> 
>> _______________________________________________
>> CentOS-mirror mailing list
>> CentOS-mirror at centos.org <mailto:CentOS-mirror at centos.org>
>> https://lists.centos.org/mailman/listinfo/centos-mirror <https://lists.centos.org/mailman/listinfo/centos-mirror>
>> 
> 
> 
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
> _______________________________________________
> CentOS-mirror mailing list
> CentOS-mirror at centos.org <mailto:CentOS-mirror at centos.org>
> https://lists.centos.org/mailman/listinfo/centos-mirror <https://lists.centos.org/mailman/listinfo/centos-mirror>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20170115/d6ea8419/attachment-0006.html>