From 5204050b9cf1972c7f42a00a950319d4358d4df3 Mon Sep 17 00:00:00 2001 From: beardy-unixer Date: Mon, 25 Mar 2013 15:50:21 -0700 Subject: [PATCH] Add some clairty for common pitfalls, fix typo, and rephrase an old Debian bug in the past tense, since it was fixed nearly a year ago. --- Running-Friendica-with-SSL.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Running-Friendica-with-SSL.md b/Running-Friendica-with-SSL.md index f79fadd..9d46aed 100644 --- a/Running-Friendica-with-SSL.md +++ b/Running-Friendica-with-SSL.md @@ -106,7 +106,7 @@ Just restart Apache when you're done, whichever way you decide to do it. First, update to the latest Friendica code. Then follow the above instructions to get your free certificate. But instead of following the Apache installation instructions, do this: -Upload your certificate. It doesn't matter where to, as long as Nginx can find it. Some people use ``/home/randomlettersandnumbers`` to keep it in out of paranoia, but you can put it anywhere, so we'll call it ``/foo/bar``. +Get your certificated from the StartSSL "Toolbox". Save it as ssl.cert, and upload it. It doesn't matter where to, as long as Nginx can find it. Some people use ``/home/randomlettersandnumbers`` to keep it in out of paranoia, but you can put it anywhere, so we'll call it ``/foo/bar``. You can remove the password if you like. This is probably bad practice, but if you don't, you'll have to enter the password every time you restart nginx. To remove it: @@ -118,9 +118,9 @@ Now, grab the helper certificate: Now you need to merge the files: -``cat ssl.crt sub.class1.server.ca.pem > ssl.crt`` +``cat ssl.cert sub.class1.server.ca.pem > ssl.crt`` -In some configurations there is a bug, and this doesn't quite work properly. You may now need to edit ssl.crt, so: +In some older configurations there was a bug here, and this didn't quite work properly. You *may* now need to edit ssl.crt, so: ``nano /foo/bar/ssl.crt`` @@ -149,6 +149,8 @@ In ``/etc/nginx/sites-available/foo.com.conf`` you need something like: listen [::]:443 ipv6only=on ssl; + server_name example.com; + ssl_certificate /foo/bar/ssl.crt; ssl_certificate_key /foo/bar/ssl.key;