\documentclass[DIV=13,%
BCOR=0mm,%
headinclude=false,%
footinclude=false,%
fontsize=10pt,%
oneside,%
paper=a5]%
{scrartcl}
\usepackage[noautomatic]{imakeidx}
\usepackage{microtype}
\usepackage{graphicx}
\usepackage{alltt}
\usepackage{verbatim}
\usepackage[shortlabels]{enumitem}
\usepackage{tabularx}
\usepackage[normalem]{ulem}
\def\hsout{\bgroup \ULdepth=-.55ex \ULset}
% https://tex.stackexchange.com/questions/22410/strikethrough-in-section-title
% Unclear if \protect \hsout is needed. Doesn't looks so
\DeclareRobustCommand{\sout}[1]{\texorpdfstring{\hsout{#1}}{#1}}
\usepackage{wrapfig}
% avoid breakage on multiple
and avoid the next [] to be eaten
\newcommand*{\forcelinebreak}{\strut\\*{}}
\newcommand*{\hairline}{%
\bigskip%
\noindent \hrulefill%
\bigskip%
}
% reverse indentation for biblio and play
\newenvironment*{amusebiblio}{
\leftskip=\parindent
\parindent=-\parindent
\smallskip
\indent
}{\smallskip}
\newenvironment*{amuseplay}{
\leftskip=\parindent
\parindent=-\parindent
\smallskip
\indent
}{\smallskip}
\newcommand*{\Slash}{\slash\hspace{0pt}}
% http://tex.stackexchange.com/questions/3033/forcing-linebreaks-in-url
\PassOptionsToPackage{hyphens}{url}\usepackage[hyperfootnotes=false,hidelinks,breaklinks=true]{hyperref}
\usepackage{bookmark}
\usepackage{fontspec}
\usepackage{polyglossia}
\setmainlanguage{english}
\setmainfont{texgyrepagella-regular.otf}[Script=Latin,%
Ligatures=TeX,%
Path=/usr/share/texmf/fonts/opentype/public/tex-gyre/,%
BoldFont=texgyrepagella-bold.otf,%
BoldItalicFont=texgyrepagella-bolditalic.otf,%
ItalicFont=texgyrepagella-italic.otf]
\setmonofont{cmuntt.ttf}[Script=Latin,%
Ligatures=TeX,%
Scale=MatchLowercase,%
Path=/usr/share/fonts/truetype/cmu/,%
BoldFont=cmuntb.ttf,%
BoldItalicFont=cmuntx.ttf,%
ItalicFont=cmunit.ttf]
\setsansfont{cmunss.ttf}[Script=Latin,%
Ligatures=TeX,%
Scale=MatchLowercase,%
Path=/usr/share/fonts/truetype/cmu/,%
BoldFont=cmunsx.ttf,%
BoldItalicFont=cmunso.ttf,%
ItalicFont=cmunsi.ttf]
\newfontfamily\englishfont{texgyrepagella-regular.otf}[Script=Latin,%
Ligatures=TeX,%
Path=/usr/share/texmf/fonts/opentype/public/tex-gyre/,%
BoldFont=texgyrepagella-bold.otf,%
BoldItalicFont=texgyrepagella-bolditalic.otf,%
ItalicFont=texgyrepagella-italic.otf]
\let\chapter\section
% global style
\pagestyle{plain}
\usepackage{indentfirst}
% remove the numbering
\setcounter{secnumdepth}{-2}
% remove labels from the captions
\renewcommand*{\captionformat}{}
\renewcommand*{\figureformat}{}
\renewcommand*{\tableformat}{}
\KOMAoption{captions}{belowfigure,nooneline}
\addtokomafont{caption}{\centering}
\deffootnote[3em]{0em}{4em}{\textsuperscript{\thefootnotemark}~}
\addtokomafont{disposition}{\rmfamily}
\addtokomafont{descriptionlabel}{\rmfamily}
\frenchspacing
% avoid vertical glue
\raggedbottom
% this will generate overfull boxes, so we need to set a tolerance
% \pretolerance=1000
% pretolerance is what is accepted for a paragraph without
% hyphenation, so it makes sense to be strict here and let the user
% accept tweak the tolerance instead.
\tolerance=200
% Additional tolerance for bad paragraphs only
\setlength{\emergencystretch}{30pt}
% (try to) forbid widows/orphans
\clubpenalty=10000
\widowpenalty=10000
% given that we said footinclude=false, this should be safe
\setlength{\footskip}{2\baselineskip}
\title{SSL certificates}
\date{}
\author{}
\subtitle{}
% https://groups.google.com/d/topic/comp.text.tex/6fYmcVMbSbQ/discussion
\hypersetup{%
pdfencoding=auto,
pdftitle={SSL certificates},%
pdfauthor={},%
pdfsubject={},%
pdfkeywords={howto; doc}%
}
\begin{document}
\thispagestyle{empty}
\strut\vskip 2em
\begin{center}
{\usekomafont{title}{\huge SSL certificates\par}}%
\vskip 1em
\vskip 2em
\vskip 1.5em
\strut\par
\end{center}
\vskip 3em
\par
By default, during the installation a self-signed certificate is
created. This should be good enough to get you started.
You can set the path to the key and certificate in the admin console,
if you already have them.
If you don't have the certificate, you can request a free, valid, and
hassle-free certificate from Let's Encrypt, turning on the option in
the admin console.
Once enabled, the LE certificates will be checked by the amusewiki
daemon once a day, and renewed automatically if needed (a month before
the expiration). The problem is that you still have to reload the
webserver for the new certificates to pick up. If the logger is
sending you mail, you should see the warning.
Anyway, the debian package installs a cronjob in \texttt{/etc/cron.daily} to
reload nginx once a day to avoid the need to login and reload
manually. You should do the same. See \texttt{debian/amusewiki.cron.daily}
Procedure to create a site with SSL certificates using Let's Encrypt:
First, login in the admin and create the site.
\textbf{Edit the site and check the Let's Encrypt option on}.
Reload the webserver as per instructions.
\begin{alltt}
\# this will print out the instruction to update the webserver conf
script/amusewiki-generate-nginx-conf
\# update the nginx config as per instructions given by the above command.
\# this will fetch the certificates
script/amusewiki-letsencrypt
\# Refresh the configuration to actually use the certificates.
script/amusewiki-generate-nginx-conf
\end{alltt}
If you installed amusewiki with a Debian package, the commands executed by root are:
\begin{alltt}
\# amusewiki generate-nginx-conf
\# amusewiki letsencrypt
\# amusewiki generate-nginx-conf
\end{alltt}
(Same thing as above, but using the \texttt{amusewiki} executable, which is the correct thing to do on Debian).
% begin final page
\clearpage
% new page for the colophon
\thispagestyle{empty}
\begin{center}
\bigskip
\includegraphics[width=0.25\textwidth]{logo-amw.pdf}
\bigskip
\end{center}
\strut
\vfill
\begin{center}
SSL certificates
\bigskip
\bigskip
\textbf{amusewiki.org}
\end{center}
% end final page with colophon
\end{document}
% No format ID passed.