Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Improve Let's Encrypt doc * Mention to first setup without SSL if nothing running on port 80 or 443 [ci skip]
- Loading branch information
Showing
1 changed file
with
20 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
443b468
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On all platforms which OpenProject supports let's encrypt certbot is available as installable package. We should prefer this way of installation. This would allow automatic updates of the certbot package, which is important for security oriented software.
Another problem, as documented all installations will hit letsencrypt servers at 1am flat (ok, at different time zones). Let's encrypt most likely will handle this extra load, but in their documentation they are adding randomization of time (see https://certbot.eff.org/lets-encrypt/pip-other step 5). Installing certbot via package sets up renewal automatically, so we will not need to document that part.