Let's Encrypt certificate needs to be renewed
Background
The Let's Encrypt certificate will expire on Dec 26 07:39:46 2018 GMT and must be renewed before that date.
Task description
The website deployed by this repo supports encrypted communication through HTTPS using a TLS digital certificate provided by Let's Encrypt.
These certificates are valid only for three months, and thus need to be periodically renewed. In order to do so, follow these steps.
- Untick "Force domains with SSL certificates to use HTTPS" on the page settings and on the docs-website page settings.
- Clone and run the certbot tool to generate a new certificate:

      git clone https://github.com/certbot/certbot
      cd certbot && ./letsencrypt-auto certonly -a manual -d buildstream.build -d www.buildstream.build -d docs.buildstream.build

  When the first ACME challenge token is displayed, do not press enter yet.
- If the challenge is for docs.buildstream.build, do the following:
  - In the docs-website CI settings, change variable ACME_CHALLENGE to the challenge.
  - In the docs-website pipelines, create a new pipeline for master.
  - Wait for the pipeline to complete, and verify the challenge URL.
- If the challenge is for buildstream.build or www.buildstream.build, do the following:
  - On another terminal, follow the instructions and add a new challenge file with the filename specified to the content/.well-known/acme-challenge directory with the token given.
  - Push the new content and redeploy the website:

        git add content/.well-known/acme-challenge/
        git commit -m "Update Let's Encrypt ACME challenge"
        git push origin master

  - Wait until the pipeline is finished, and then verify the ACME challenge URL.
- Go back to the terminal and press enter. Another challenge might be requested. Follow the previous points again.
- On the buildstream.build domain settings replace Certificate (PEM) with updated fullchain.pem and Key (PEM) with updated privkey.pem. Do the same for www.buildstream.build domain settings. And the same for docs.buildstream.build domain settings in pages settings of BuildStream/buildstream.
- Tick back "Force domains with SSL certificates to use HTTPS" on the page settings and the docs-website page settings.
- Update the due date for this issue for three months later.
Acceptance Criteria
It is possible to access https://buildstream.build, https://www.buildstream.build and https://docs.buildstream.build with no warnings displayed concerning the certificate.