From 012e2e89d63ff9dac6271c1ff465eae2da2e17be Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 7 Mar 2015 21:54:50 +0000 Subject: [PATCH] Backup before changing certificates --- doc/EN/faq.org | 2 ++ website/EN/faq.html | 11 +++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/doc/EN/faq.org b/doc/EN/faq.org index c97824fe..014c61c9 100644 --- a/doc/EN/faq.org +++ b/doc/EN/faq.org @@ -244,6 +244,8 @@ Now visit your web site at https://mydomainname.com and you should notice that t * How do I renew a StartSSL certificate? The StartSSL certificates last for a year. You can check the expiry date of your current certificate/s by going to your site and if you're using Firefox then click on the *lock icon*, select "*more information*" then "*view certificate*". +Before changing any certificates it's a good idea to make a backup of the existing system. Plug in a USB drive, log into the Freedombone and become the root user, then run the command *backup*. Backing up may take a while, but it ensures that if anything goes wrong and you mess up the certificates then there is a way to restore the previous ones. + Make sure that you have the StartSSL certificate which was created when you initially made an account. You did save it somewhere safe, didn't you? If it's not installed into your browser then in Firefox go to *Menu/Preferences/Advanced/View Certificates*. Make sure the "*Your Cerificates*" tab is selected and click "*import*", then import the StartSSL certificate. Now go to [[startssl.com]] and click on the keys icon on the right hand side to log in. Select the *Control panel* then *Validations Wizard* and choose *Email address validation*. Enter your email address, then wait for the validation email to show up in your inbox. It will contain a code when you can then enter. diff --git a/website/EN/faq.html b/website/EN/faq.html index d9294bc3..63b5af1d 100644 --- a/website/EN/faq.html +++ b/website/EN/faq.html @@ -4,7 +4,7 @@ - + @@ -565,6 +565,10 @@ Now visit your web site at https://mydomainn The StartSSL certificates last for a year. You can check the expiry date of your current certificate/s by going to your site and if you're using Firefox then click on the lock icon, select "more information" then "view certificate".

+

+Before changing any certificates it's a good idea to make a backup of the existing system. Plug in a USB drive, log into the Freedombone and become the root user, then run the command backup. Backing up may take a while, but it ensures that if anything goes wrong and you mess up the certificates then there is a way to restore the previous ones. +

+

Make sure that you have the StartSSL certificate which was created when you initially made an account. You did save it somewhere safe, didn't you? If it's not installed into your browser then in Firefox go to Menu/Preferences/Advanced/View Certificates. Make sure the "Your Cerificates" tab is selected and click "import", then import the StartSSL certificate.

@@ -694,7 +698,10 @@ To avoid any possibility of the certificates being accidentally overwritten by s
-
cp /etc/ssl/certs/$HOSTNAME* /etc/ssl/backups/certs/
+
mkdir /etc/ssl/backups
+mkdir /etc/ssl/backups/certs
+mkdir /etc/ssl/backups/private
+cp /etc/ssl/certs/$HOSTNAME* /etc/ssl/backups/certs/
 cp /etc/ssl/private/$HOSTNAME* /etc/ssl/backups/private/
 chmod -R 400 /etc/ssl/backups/certs/*
 chmod -R 400 /etc/ssl/backups/private/*