Renew run.demo.haus SSL certificate

Every 3 months it is necessary to renew the certificate for our demo service. This certificate allows all demo started to use the same certificate (a wildcard certificate).

This are the steps that need to be done to renew it:

  • On a terminal: ssh \<user\>@run.demo.haus
  • Become root: sudo su
  • Run the cerbot command that will generate the certificate and give a key necessary for the DNS: certbot certonly --manual --preferred-challenges=dns --email webteam@canonical.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.run.demo.haus
  • Connect to digital ocean and update value for in the DNS zone for _acmechallenge.run.demo.haus with the key provided by the script
  • Back on the terminal: continue the script
  • Once it’s over and succeded: sudo systemctl restart apache2
  • Done!