For the past few days I have been trying to set up Let’s Encrypt certificates for YunoHost using this tutorial:
But unfortunately I don’t understand all of it:
To check that you actually are the one running yourDomain.tld, Let’s encrypt is going to add files to some URL of your server and try to access it from its servers. From what I understood, if your server runs Apache you can have letsencrypt-auto do everything itself, but the support for nginx isn’t here yet so we have to tweak things manually.
We have to make the URL yourDomain.tld/.well-known/acme-challenge accessible, and the corresponding content will be stored in /tmp/letsencrypt-auto. Add an nginx config file, for instance called letsencrypt.conf (nano /etc/nginx/conf.d/yourDomain.tld.d/letsencrypt.conf) and add the new location block in the server running on port 80:
location '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /tmp/letsencrypt-auto;
}
In the context of Yunohost, we also need to tweak the SSOwat conf so that the Let’s encrypt servers aren’t redirected to the SSO login interface when trying to access .well-known/acme-challenge. Open the persistent rules configuration for SSOwat (/etc/ssowat/conf.json.persistent), and add a new unprotected_urls rule:
{
    "unprotected_urls": [
        "yourDomain.tld/.well-known/acme-challenge"
    ]
}
Check that your nginx conf looks valid with nginx -t and restart the daemon with service nginx restart. (You don’t need to do anything for SSOwat)
So if some kind soul could please translate this topic into French using a fictitious domain name, such as yunodemo.fr, to make it easier to understand.
Thanks in advance
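The two configuration steps from the quoted tutorial, worked through for the fictitious domain yunodemo.fr. This is an added example, not part of the original post or the tutorial. It assumes /etc/ssowat/conf.json.persistent holds a single JSON object as the tutorial shows; the function names and the sample existing rule are hypothetical.

```python
import json

CHALLENGE_PATH = "/.well-known/acme-challenge"


def nginx_location(webroot="/tmp/letsencrypt-auto"):
    """Return the tutorial's location block for the server listening on port 80."""
    return (
        f"location '{CHALLENGE_PATH}' {{\n"
        f'    default_type "text/plain";\n'
        f"    root {webroot};\n"
        f"}}\n"
    )


def add_unprotected_url(conf_text, domain):
    """Merge the ACME rule into the SSOwat persistent conf without dropping
    rules that are already there; calling it twice changes nothing."""
    conf = json.loads(conf_text) if conf_text.strip() else {}
    if not isinstance(conf, dict):
        raise ValueError("conf.json.persistent must contain a JSON object")
    urls = conf.setdefault("unprotected_urls", [])
    if not isinstance(urls, list):
        raise ValueError("unprotected_urls must be a JSON array")
    rule = domain + CHALLENGE_PATH
    if rule not in urls:
        urls.append(rule)
    return json.dumps(conf, indent=4) + "\n"


def other_unprotected(conf_text, domain):
    """List entries for this domain other than the challenge rule, so they can
    be reviewed: only the challenge path needs to bypass the SSO login."""
    urls = json.loads(conf_text).get("unprotected_urls", [])
    rule = domain + CHALLENGE_PATH
    return [u for u in urls
            if (u == domain or u.startswith(domain + "/")) and u != rule]


if __name__ == "__main__":
    domain = "yunodemo.fr"
    # Constructed sample: a persistent conf that already carries one rule.
    existing = '{"unprotected_urls": ["yunodemo.fr/status"]}'
    print("# /etc/nginx/conf.d/%s.d/letsencrypt.conf" % domain)
    print(nginx_location())
    print("# /etc/ssowat/conf.json.persistent")
    merged = add_unprotected_url(existing, domain)
    print(merged)
    print("entries to review:", other_unprotected(merged, domain))
```

After writing the two files, the tutorial's own check still applies: nginx -t, then service nginx restart.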