QualityBox is configured to run using HTTPS by default. We use HAProxy to act as the front-end load-balancer (you can run with an unmanaged load-balancer if desired). The certificates are provisioned by the EFF’s Let’s Encrypt project.
What certs do I have?
sudo certbot certificates
How do I expand a cert to include some sub-domains? (wildcard certs are not supported)
Assuming you have a certificate for ‘example.org’ and want to expand it to include a few sub-domains:
sudo certbot certonly --cert-name example.org --expand -d wiki.example.org -d example.org -d www.example.org
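Because each sub-domain has to be named explicitly, it is worth confirming after the expand that the issued certificate really lists every name. The script below is an added example, not part of QualityBox or certbot: its function names are its own, it assumes OpenSSL 1.1.1 or later (for `-ext`), and it assumes the certificate sits under the /etc/letsencrypt/live/ path used in the cleanup commands on this page.

```shell
#!/bin/sh
# Added example: confirm a certificate's SAN list covers every expected name.
# Function names are this example's own, not part of certbot or QualityBox.

# Read `openssl x509 -noout -ext subjectAltName` output on stdin and
# print one DNS name per line.
san_list() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# missing_names SAN_TEXT NAME...
# Print each expected NAME that is absent from the SAN text (exact match,
# so "example.org" does not satisfy "www.example.org").
missing_names() {
    san_text=$1
    shift
    have=$(printf '%s\n' "$san_text" | san_list)
    for name in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done
}

# check_cert CERT_PEM NAME...
# Return 0 if every NAME is covered, 1 if any is missing, 2 on read failure.
check_cert() {
    cert=$1
    shift
    san_text=$(openssl x509 -in "$cert" -noout -ext subjectAltName) || return 2
    missing=$(missing_names "$san_text" "$@")
    [ -z "$missing" ] && return 0
    printf 'not covered by %s:\n%s\n' "$cert" "$missing" >&2
    return 1
}

# Run only when called with arguments, e.g.:
#   sudo sh check-sans.sh /etc/letsencrypt/live/example.org/cert.pem \
#        wiki.example.org example.org www.example.org
if [ "$#" -gt 0 ]; then
    check_cert "$@"
fi
```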
How do I clean up my old/test certificates?
DOMAIN=example.com
sudo certbot revoke --cert-path "/etc/letsencrypt/live/$DOMAIN/cert.pem"
sudo certbot delete --cert-name "$DOMAIN"
How do I obtain a new certificate?
Either run certbot on the host:
certbot certonly -d foo.example.org --dry-run
certbot certonly -d foo.example.org
Or run the ansible-certbot role on a control host:
ansible-playbook -i hosts letsencrypt.yml