Since letsencrypt is now automatic this isn't needed anymore

Bob Mottram 2018-06-16 21:22:37 +01:00
parent 3ed2f5988d
commit 6b6133d662
2 changed files with 31 additions and 68 deletions

@ -43,7 +43,6 @@
| [[Why isn't dynamic DNS working?]] |
| [[How do I change my encryption settings?]] |
| [[How do I get a domain name?]] |
| [[How do I get a "real" SSL/TLS/HTTPS certificate?]] |
| [[How do I renew a Let's Encrypt certificate?]] |
| [[I tried to renew a Let's Encrypt certificate and it failed. What should I do?]] |
| [[Why not use the services of $company instead? They took the Seppuku pledge]] |
@ -306,16 +305,6 @@ service exim4 restart
You should now be able to send an email from /postmaster@mynewdomainname/ and it should arrive in your inbox.
* How do I get a "real" SSL/TLS/HTTPS certificate?
If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:
#+begin_src bash
ssh username@mydomainname -p 2222
#+end_src
Select /Administrator controls/ then *Security settings* then *Create a new Let's Encrypt certificate*.
One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS subdomains, such as those from freeDNS, so to run Hubzilla and GNU Social you will need to have your own official domains for those. There are many sites from which you can buy cheap domain names, and while this isn't ideal in terms of making you dependent upon another company it's the only option currently.
* How do I renew a Let's Encrypt certificate?
Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.
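Review bot: the deleted "real" certificate section covered two cases that automatic issuance during install does not: the install-time request failing, and a site created later that needs its own certificate ("If this failed for any reason, or if you have created a new site which you need a certificate for"). With the section gone, the FAQ only talks about renewal, so a reader whose first issuance failed has no entry that matches their problem. Suggest keeping one sentence that points to Administrator controls, Security settings, Create a new Let's Encrypt certificate under one of the remaining Let's Encrypt questions, together with the caveat that many dynamic DNS subdomains such as those from freeDNS are not supported.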

@ -4,7 +4,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<title></title>
<!-- 2018-06-16 Sat 21:18 -->
<!-- 2018-06-16 Sat 21:22 -->
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<meta name="generator" content="Org-mode" />
<meta name="author" content="Bob Mottram" />
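Review bot: the only change in this hunk is the export timestamp comment (21:18 to 21:22), which differs on every Org export and adds a no-op diff to each commit that regenerates the HTML. Suggest turning the timestamp off in the Org source with #+OPTIONS: timestamp:nil so the generated file changes only when the content does. The empty <title></title> in the context lines is also worth filling in from the Org #+TITLE.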
@ -275,39 +275,35 @@ for the JavaScript code in this tag.
</tr>
<tr>
<td class="left"><a href="#sec-27">How do I get a "real" SSL/TLS/HTTPS certificate?</a></td>
<td class="left"><a href="#sec-27">How do I renew a Let's Encrypt certificate?</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-28">How do I renew a Let's Encrypt certificate?</a></td>
<td class="left"><a href="#sec-28">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-29">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
<td class="left"><a href="#sec-29">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-30">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
<td class="left"><a href="#sec-30">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-31">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
<td class="left"><a href="#sec-31">Tor is censored/blocked in my area. What can I do?</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-32">Tor is censored/blocked in my area. What can I do?</a></td>
<td class="left"><a href="#sec-32">I want to block a particular domain from getting its content into my social network sites</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-33">I want to block a particular domain from getting its content into my social network sites</a></td>
<td class="left"><a href="#sec-33">The mesh system doesn't boot from USB drive</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-34">The mesh system doesn't boot from USB drive</a></td>
</tr>
<tr>
<td class="left"><a href="#sec-35">Mesh system doesn't connect to the network</a></td>
<td class="left"><a href="#sec-34">Mesh system doesn't connect to the network</a></td>
</tr>
</tbody>
</table>
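Review bot: removing one entry shifts every later anchor in this table down by one (#sec-28 through #sec-35 become #sec-27 through #sec-34), so an existing link or bookmark to #sec-31 now opens the Tor question instead of the spam one. Because these ids are positional, consider giving each FAQ heading a CUSTOM_ID property in the Org source so the exported anchors stay stable when entries are added or removed.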
@ -952,31 +948,9 @@ You should now be able to send an email from <i>postmaster@mynewdomainname</i> a
</div>
<div id="outline-container-sec-27" class="outline-2">
<h2 id="sec-27">How do I get a "real" SSL/TLS/HTTPS certificate?</h2>
<h2 id="sec-27">How do I renew a Let's Encrypt certificate?</h2>
<div class="outline-text-2" id="text-27">
<p>
If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:
</p>
<div class="org-src-container">
<pre class="src src-bash">ssh username@mydomainname -p 2222
</pre>
</div>
<p>
Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
</p>
<p>
One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS subdomains, such as those from freeDNS, so to run Hubzilla and GNU Social you will need to have your own official domains for those. There are many sites from which you can buy cheap domain names, and while this isn't ideal in terms of making you dependent upon another company it's the only option currently.
</p>
</div>
</div>
<div id="outline-container-sec-28" class="outline-2">
<h2 id="sec-28">How do I renew a Let's Encrypt certificate?</h2>
<div class="outline-text-2" id="text-28">
<p>
Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.
</p>
@ -995,9 +969,9 @@ Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Renew
</p>
</div>
</div>
<div id="outline-container-sec-29" class="outline-2">
<h2 id="sec-29">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
<div class="outline-text-2" id="text-29">
<div id="outline-container-sec-28" class="outline-2">
<h2 id="sec-28">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
<div class="outline-text-2" id="text-28">
<p>
Most likely it's because Let's Encrypt doesn't support your particular domain or subdomain. Currently free subdomains tend not to work. You'll need to buy a domain name, link it to your dynamic DNS account and then do:
</p>
@ -1013,17 +987,17 @@ Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Creat
</p>
</div>
</div>
<div id="outline-container-sec-30" class="outline-2">
<h2 id="sec-30">Why not use the services of $company instead? They took the Seppuku pledge</h2>
<div class="outline-text-2" id="text-30">
<div id="outline-container-sec-29" class="outline-2">
<h2 id="sec-29">Why not use the services of $company instead? They took the Seppuku pledge</h2>
<div class="outline-text-2" id="text-29">
<p>
<a href="https://cryptostorm.org/viewtopic.php?f=63&t=2954&sid=7de2d1e699cfde2f574e6a7f6ea5a173">That pledge</a> is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "<i>on our side</i>". Post-<a href="https://en.wikipedia.org/wiki/Nymwars">nymwars</a> and post-<a href="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)">PRISM</a> we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.
</p>
</div>
</div>
<div id="outline-container-sec-31" class="outline-2">
<h2 id="sec-31">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
<div class="outline-text-2" id="text-31">
<div id="outline-container-sec-30" class="outline-2">
<h2 id="sec-30">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
<div class="outline-text-2" id="text-30">
<p>
Welcome to the world of email. Email is really the archetypal decentralized service, developed during the early days of the internet. In principle anyone can run an email server, and that's exactly what you're doing with Freedombone. Email is very useful, but it has a big problem, and that's that the protocols are totally insecure. That made it easy for spammers to do their thing, and in response highly elaborate spam filtering and blocking systems were developed. Chances are that your emails are being blocked in this way. Sometimes the blocking is so indisciminate that entire countries are excluded. What can you do about it? Unless you control the block list at the receiving end you may not be able to do much unless you can find an email proxy server which is trusted by the receiving server.
</p>
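Review bot: not introduced by this change, but the cryptostorm.org link in the context lines of this hunk carries a forum session parameter (sid=...) in its query string, and its & separators are not escaped as &amp;, which is not well-formed in a document declared as XHTML. Suggest dropping the sid parameter from the URL in the Org source and escaping the remaining ampersand in the exported href.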
@ -1055,9 +1029,9 @@ So the situation with email presently is pretty bad, and there's a clear selecti
</p>
</div>
</div>
<div id="outline-container-sec-32" class="outline-2">
<h2 id="sec-32">Tor is censored/blocked in my area. What can I do?</h2>
<div class="outline-text-2" id="text-32">
<div id="outline-container-sec-31" class="outline-2">
<h2 id="sec-31">Tor is censored/blocked in my area. What can I do?</h2>
<div class="outline-text-2" id="text-31">
<p>
If you can find some details for an obfs4 Tor bridge (its IP address, port number and key or nickname) then you can set up the system to use it to connect to the Tor network. Unlike relay nodes the IP addresses for bridges are not public information and so can't be easily known and added to block lists by authoritarian regimes or over-zealous ISPs.
</p>
@ -1082,9 +1056,9 @@ You can also set your system to act as a Tor bridge, although this is not recomm
</div>
</div>
<div id="outline-container-sec-33" class="outline-2">
<h2 id="sec-33">I want to block a particular domain from getting its content into my social network sites</h2>
<div class="outline-text-2" id="text-33">
<div id="outline-container-sec-32" class="outline-2">
<h2 id="sec-32">I want to block a particular domain from getting its content into my social network sites</h2>
<div class="outline-text-2" id="text-32">
<p>
If you're being pestered by some domain which contains bad/illegal/harrassing content or irritating users you can block domains at the firewall level. Go to the administrator control panel and select <i>domain blocking</i>. You can then block, unblock and view the list of blocked domains.
</p>
@ -1099,9 +1073,9 @@ Select <i>Administrator controls</i> then <i>Domain blocking</i>.
</div>
</div>
<div id="outline-container-sec-34" class="outline-2">
<h2 id="sec-34">The mesh system doesn't boot from USB drive</h2>
<div class="outline-text-2" id="text-34">
<div id="outline-container-sec-33" class="outline-2">
<h2 id="sec-33">The mesh system doesn't boot from USB drive</h2>
<div class="outline-text-2" id="text-33">
<p>
If the system doesn't boot and reports an error which includes <b>/dev/mapper/loop0p1</b> then reboot with <b>Ctrl-Alt-Del</b> and when you see the grub menu press <b>e</b> and manually change <b>/dev/mapper/loop0p1</b> to <b>/dev/sdb1</b>, then press <b>Ctrl-x</b>. If that doesn't work then reboot and try <b>/dev/sdc1</b> instead.
</p>
@ -1112,9 +1086,9 @@ After the system has booted successfully the problem should resolve itself on su
</div>
</div>
<div id="outline-container-sec-35" class="outline-2">
<h2 id="sec-35">Mesh system doesn't connect to the network</h2>
<div class="outline-text-2" id="text-35">
<div id="outline-container-sec-34" class="outline-2">
<h2 id="sec-34">Mesh system doesn't connect to the network</h2>
<div class="outline-text-2" id="text-34">
<p>
Sometimes after boot the mesh system won't connect to other peers on the network. If this happens select the <b>network restart</b> icon and enter the password, which by default is just "freedombone". Wait for a few minutes to see if it connects.
</p>
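Review bot: outside the scope of this change, but the context line at the end of this hunk documents a fixed default password ("freedombone") for the network restart action. If that password can be changed, the FAQ should say how and recommend doing so; a follow-up commit would be the place for it.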