From 6b6133d6623b86c93b8e16323a6ca1c66d1d0a32 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Sat, 16 Jun 2018 21:22:37 +0100
Subject: [PATCH] Since letsencrypt is now automatic this isn't needed anymore

---
 doc/EN/faq.org      | 11 ------
 website/EN/faq.html | 88 ++++++++++++++++-----------------------------
 2 files changed, 31 insertions(+), 68 deletions(-)

diff --git a/doc/EN/faq.org b/doc/EN/faq.org
index 016d100c..43e16564 100644
--- a/doc/EN/faq.org
+++ b/doc/EN/faq.org
@@ -43,7 +43,6 @@
 | [[Why isn't dynamic DNS working?]]                                                            |
 | [[How do I change my encryption settings?]]                                                   |
 | [[How do I get a domain name?]]                                                               |
-| [[How do I get a "real" SSL/TLS/HTTPS certificate?]]                                          |
 | [[How do I renew a Let's Encrypt certificate?]]                                               |
 | [[I tried to renew a Let's Encrypt certificate and it failed. What should I do?]]             |
 | [[Why not use the services of $company instead? They took the Seppuku pledge]]                |
@@ -306,16 +305,6 @@ service exim4 restart
 
 You should now be able to send an email from /postmaster@mynewdomainname/ and it should arrive in your inbox.
 
-* How do I get a "real" SSL/TLS/HTTPS certificate?
-If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:
-
-#+begin_src bash
-ssh username@mydomainname -p 2222
-#+end_src
-
-Select /Administrator controls/ then *Security settings* then *Create a new Let's Encrypt certificate*.
-
-One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS subdomains, such as those from freeDNS, so to run Hubzilla and GNU Social you will need to have your own official domains for those. There are many sites from which you can buy cheap domain names, and while this isn't ideal in terms of making you dependent upon another company it's the only option currently.
 * How do I renew a Let's Encrypt certificate?
 Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.
 
diff --git a/website/EN/faq.html b/website/EN/faq.html
index 9ba77a42..f572afea 100644
--- a/website/EN/faq.html
+++ b/website/EN/faq.html
@@ -4,7 +4,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
 <title></title>
-<!-- 2018-06-16 Sat 21:18 -->
+<!-- 2018-06-16 Sat 21:22 -->
 <meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta  name="generator" content="Org-mode" />
 <meta  name="author" content="Bob Mottram" />
@@ -275,39 +275,35 @@ for the JavaScript code in this tag.
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-27">How do I get a "real" SSL/TLS/HTTPS certificate?</a></td>
+<td class="left"><a href="#sec-27">How do I renew a Let's Encrypt certificate?</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-28">How do I renew a Let's Encrypt certificate?</a></td>
+<td class="left"><a href="#sec-28">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-29">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</a></td>
+<td class="left"><a href="#sec-29">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-30">Why not use the services of $company instead? They took the Seppuku pledge</a></td>
+<td class="left"><a href="#sec-30">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-31">Why does my email keep getting rejected as spam by Gmail/etc?</a></td>
+<td class="left"><a href="#sec-31">Tor is censored/blocked in my area. What can I do?</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-32">Tor is censored/blocked in my area. What can I do?</a></td>
+<td class="left"><a href="#sec-32">I want to block a particular domain from getting its content into my social network sites</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-33">I want to block a particular domain from getting its content into my social network sites</a></td>
+<td class="left"><a href="#sec-33">The mesh system doesn't boot from USB drive</a></td>
 </tr>
 
 <tr>
-<td class="left"><a href="#sec-34">The mesh system doesn't boot from USB drive</a></td>
-</tr>
-
-<tr>
-<td class="left"><a href="#sec-35">Mesh system doesn't connect to the network</a></td>
+<td class="left"><a href="#sec-34">Mesh system doesn't connect to the network</a></td>
 </tr>
 </tbody>
 </table>
@@ -952,31 +948,9 @@ You should now be able to send an email from <i>postmaster@mynewdomainname</i> a
 </div>
 
 <div id="outline-container-sec-27" class="outline-2">
-<h2 id="sec-27">How do I get a "real" SSL/TLS/HTTPS certificate?</h2>
+<h2 id="sec-27">How do I renew a Let's Encrypt certificate?</h2>
 <div class="outline-text-2" id="text-27">
 <p>
-If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:
-</p>
-
-<div class="org-src-container">
-
-<pre class="src src-bash">ssh username@mydomainname -p 2222
-</pre>
-</div>
-
-<p>
-Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
-</p>
-
-<p>
-One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS subdomains, such as those from freeDNS, so to run Hubzilla and GNU Social you will need to have your own official domains for those. There are many sites from which you can buy cheap domain names, and while this isn't ideal in terms of making you dependent upon another company it's the only option currently.
-</p>
-</div>
-</div>
-<div id="outline-container-sec-28" class="outline-2">
-<h2 id="sec-28">How do I renew a Let's Encrypt certificate?</h2>
-<div class="outline-text-2" id="text-28">
-<p>
 Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.
 </p>
 
@@ -995,9 +969,9 @@ Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Renew
 </p>
 </div>
 </div>
-<div id="outline-container-sec-29" class="outline-2">
-<h2 id="sec-29">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
-<div class="outline-text-2" id="text-29">
+<div id="outline-container-sec-28" class="outline-2">
+<h2 id="sec-28">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
+<div class="outline-text-2" id="text-28">
 <p>
 Most likely it's because Let's Encrypt doesn't support your particular domain or subdomain. Currently free subdomains tend not to work. You'll need to buy a domain name, link it to your dynamic DNS account and then do:
 </p>
@@ -1013,17 +987,17 @@ Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Creat
 </p>
 </div>
 </div>
-<div id="outline-container-sec-30" class="outline-2">
-<h2 id="sec-30">Why not use the services of $company instead? They took the Seppuku pledge</h2>
-<div class="outline-text-2" id="text-30">
+<div id="outline-container-sec-29" class="outline-2">
+<h2 id="sec-29">Why not use the services of $company instead? They took the Seppuku pledge</h2>
+<div class="outline-text-2" id="text-29">
 <p>
 <a href="https://cryptostorm.org/viewtopic.php?f=63&t=2954&sid=7de2d1e699cfde2f574e6a7f6ea5a173">That pledge</a> is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "<i>on our side</i>". Post-<a href="https://en.wikipedia.org/wiki/Nymwars">nymwars</a> and post-<a href="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)">PRISM</a> we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.
 </p>
 </div>
 </div>
-<div id="outline-container-sec-31" class="outline-2">
-<h2 id="sec-31">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
-<div class="outline-text-2" id="text-31">
+<div id="outline-container-sec-30" class="outline-2">
+<h2 id="sec-30">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
+<div class="outline-text-2" id="text-30">
 <p>
 Welcome to the world of email. Email is really the archetypal decentralized service, developed during the early days of the internet. In principle anyone can run an email server, and that's exactly what you're doing with Freedombone. Email is very useful, but it has a big problem, and that's that the protocols are totally insecure. That made it easy for spammers to do their thing, and in response highly elaborate spam filtering and blocking systems were developed. Chances are that your emails are being blocked in this way. Sometimes the blocking is so indisciminate that entire countries are excluded. What can you do about it? Unless you control the block list at the receiving end you may not be able to do much unless you can find an email proxy server which is trusted by the receiving server.
 </p>
@@ -1055,9 +1029,9 @@ So the situation with email presently is pretty bad, and there's a clear selecti
 </p>
 </div>
 </div>
-<div id="outline-container-sec-32" class="outline-2">
-<h2 id="sec-32">Tor is censored/blocked in my area. What can I do?</h2>
-<div class="outline-text-2" id="text-32">
+<div id="outline-container-sec-31" class="outline-2">
+<h2 id="sec-31">Tor is censored/blocked in my area. What can I do?</h2>
+<div class="outline-text-2" id="text-31">
 <p>
 If you can find some details for an obfs4 Tor bridge (its IP address, port number and key or nickname) then you can set up the system to use it to connect to the Tor network. Unlike relay nodes the IP addresses for bridges are not public information and so can't be easily known and added to block lists by authoritarian regimes or over-zealous ISPs.
 </p>
@@ -1082,9 +1056,9 @@ You can also set your system to act as a Tor bridge, although this is not recomm
 </div>
 </div>
 
-<div id="outline-container-sec-33" class="outline-2">
-<h2 id="sec-33">I want to block a particular domain from getting its content into my social network sites</h2>
-<div class="outline-text-2" id="text-33">
+<div id="outline-container-sec-32" class="outline-2">
+<h2 id="sec-32">I want to block a particular domain from getting its content into my social network sites</h2>
+<div class="outline-text-2" id="text-32">
 <p>
 If you're being pestered by some domain which contains bad/illegal/harrassing content or irritating users you can block domains at the firewall level. Go to the administrator control panel and select <i>domain blocking</i>. You can then block, unblock and view the list of blocked domains.
 </p>
@@ -1099,9 +1073,9 @@ Select <i>Administrator controls</i> then <i>Domain blocking</i>.
 </div>
 </div>
 
-<div id="outline-container-sec-34" class="outline-2">
-<h2 id="sec-34">The mesh system doesn't boot from USB drive</h2>
-<div class="outline-text-2" id="text-34">
+<div id="outline-container-sec-33" class="outline-2">
+<h2 id="sec-33">The mesh system doesn't boot from USB drive</h2>
+<div class="outline-text-2" id="text-33">
 <p>
 If the system doesn't boot and reports an error which includes <b>/dev/mapper/loop0p1</b> then reboot with <b>Ctrl-Alt-Del</b> and when you see the grub menu press <b>e</b> and manually change <b>/dev/mapper/loop0p1</b> to <b>/dev/sdb1</b>, then press <b>Ctrl-x</b>. If that doesn't work then reboot and try <b>/dev/sdc1</b> instead.
 </p>
@@ -1112,9 +1086,9 @@ After the system has booted successfully the problem should resolve itself on su
 </div>
 </div>
 
-<div id="outline-container-sec-35" class="outline-2">
-<h2 id="sec-35">Mesh system doesn't connect to the network</h2>
-<div class="outline-text-2" id="text-35">
+<div id="outline-container-sec-34" class="outline-2">
+<h2 id="sec-34">Mesh system doesn't connect to the network</h2>
+<div class="outline-text-2" id="text-34">
 <p>
 Sometimes after boot the mesh system won't connect to other peers on the network. If this happens select the <b>network restart</b> icon and enter the password, which by default is just "freedombone". Wait for a few minutes to see if it connects.
 </p>