On 12/05/2015 05:44 PM, Christian Ridderström wrote: > I'm for enabling HTTPS, and have actually thought it's something we > ought to have... > So I took a look at letsencrypt tonight. It seems doable, but I'm a > little concerned it'll take more work than its worth. > Roughly: > - Ensure dependencies are met (this is probably not so bad) > - Install the Letsencrypt (LE) client > - Make LE work and get a certificate > Involves setting up a private key, and I think submitting some > e-mail address > to letsencrypt. Not sure what address that should be - is there e.g. > an ad...@lyx.org <mailto:ad...@lyx.org>? > - Make some cron job or similar renew the certificate every 90 days > - Adjust links on wiki and web pages to support working over HTTPS > (maybe links have HTTP hardcoded for instance) > > Note: The LE client needs root access, e.g. to stop/start apache, and > to do other stuff in order to prove to the LE servers that we (i.e. > the server) really are the one controlling www.lyx.org > <http://www.lyx.org> and wiki.lyx.org <http://wiki.lyx.org>. The cron > job then also needs root/sudo in order to update the client.
I've been looking at this, too. I'm thinking that, once classes are over and I have a bit of time, I'll try installing an LE certificate on one of my own servers, and see how that goes. Once I have some experience with that, we can perhaps revisit this issue. Richard
