| [[How do I get a "real" SSL/TLS/HTTPS certificate?]] |
| [[How do I renew a Let's Encrypt certificate?]] |
| [[I tried to renew a Let's Encrypt certificate and it failed. What should I do?]] |
| [[Why not use the services of $company instead? They took the Seppuku pledge]] |
@@ -306,16 +305,6 @@ service exim4 restart
You should now be able to send an email from /postmaster@mynewdomainname/ and it should arrive in your inbox.
* How do I get a "real" SSL/TLS/HTTPS certificate?
If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:
#+begin_src bash
ssh username@mydomainname -p 2222
#+end_src
Select /Administrator controls/ then *Security settings* then *Create a new Let's Encrypt certificate*.
One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS subdomains, such as those from freeDNS, so to run Hubzilla and GNU Social you will need to have your own official domains for those. There are many sites from which you can buy cheap domain names, and while this isn't ideal in terms of making you dependent upon another company it's the only option currently.
* How do I renew a Let's Encrypt certificate?
Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.
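Review bot: The entry "How do I get a "real" SSL/TLS/HTTPS certificate?" appears to be removed here with nothing added in its place (the hunk header goes from 16 lines to 6), and it is the only entry in this hunk that covers first issuance: what to do when the install-time Let's Encrypt request failed or when a new site needs a certificate. The surviving "How do I renew" entry only says renewal is automatic. Consider folding the manual path (/Administrator controls/ then *Security settings* then *Create a new Let's Encrypt certificate*) and the caveat about dynamic DNS subdomains into a surviving entry, so that an administrator whose automatic request failed still has a documented fix.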
<h2id="sec-27">How do I get a "real" SSL/TLS/HTTPS certificate?</h2>
<h2id="sec-27">How do I renew a Let's Encrypt certificate?</h2>
<divclass="outline-text-2"id="text-27">
<p>
If you did the full install or selected the social variant then the system will have tried to obtain a Let's Encrypt certificate automatically during the install process. If this failed for any reason, or if you have created a new site which you need a certificate for then do the following:
Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Create a new Let's Encrypt certificate</b>.
</p>
<p>
One thing to be aware of is that Let's Encrypt doesn't support many dynamic DNS subdomains, such as those from freeDNS, so to run Hubzilla and GNU Social you will need to have your own official domains for those. There are many sites from which you can buy cheap domain names, and while this isn't ideal in terms of making you dependent upon another company it's the only option currently.
<h2id="sec-28">How do I renew a Let's Encrypt certificate?</h2>
<divclass="outline-text-2"id="text-28">
<p>
Normally certificates will be automatically renewed once per month, so you don't need to be concerned about it. If anything goes wrong with the automatic renewal then you should receive a warning email.
</p>
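Review bot: The exported anchors shift whenever a heading is removed: "How do I renew a Let's Encrypt certificate?" appears in this hunk as both sec-28 and sec-27, and the later hunks in this file show the same renumbering. Any existing deep link to a #sec-NN anchor will now land on a different question without any error. Setting a :CUSTOM_ID: property on each heading in the org source would give stable ids in the exported HTML and stop a single removal from touching every section that follows.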
@@ -995,9 +969,9 @@ Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Renew
<h2id="sec-28">I tried to renew a Let's Encrypt certificate and it failed. What should I do?</h2>
<divclass="outline-text-2"id="text-28">
<p>
Most likely it's because Let's Encrypt doesn't support your particular domain or subdomain. Currently free subdomains tend not to work. You'll need to buy a domain name, link it to your dynamic DNS account and then do:
</p>
@@ -1013,17 +987,17 @@ Select <i>Administrator controls</i> then <b>Security settings</b> then <b>Creat
<h2id="sec-29">Why not use the services of $company instead? They took the Seppuku pledge</h2>
<divclass="outline-text-2"id="text-29">
<p>
<ahref="https://cryptostorm.org/viewtopic.php?f=63&t=2954&sid=7de2d1e699cfde2f574e6a7f6ea5a173">That pledge</a> is utterly worthless. Years ago people trusted Google in the same sort of way, because they promised not be be evil and because a lot of the engineers working for them seemed like honest types who were "<i>on our side</i>". Post-<ahref="https://en.wikipedia.org/wiki/Nymwars">nymwars</a> and post-<ahref="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)">PRISM</a> we know exactly how much Google cared about the privacy and security of its users. But Google is only one particular example. In general don't trust pledges made by companies, even if the people running them seem really sincere.
<h2id="sec-30">Why does my email keep getting rejected as spam by Gmail/etc?</h2>
<divclass="outline-text-2"id="text-30">
<p>
Welcome to the world of email. Email is really the archetypal decentralized service, developed during the early days of the internet. In principle anyone can run an email server, and that's exactly what you're doing with Freedombone. Email is very useful, but it has a big problem, and that's that the protocols are totally insecure. That made it easy for spammers to do their thing, and in response highly elaborate spam filtering and blocking systems were developed. Chances are that your emails are being blocked in this way. Sometimes the blocking is so indisciminate that entire countries are excluded. What can you do about it? Unless you control the block list at the receiving end you may not be able to do much unless you can find an email proxy server which is trusted by the receiving server.
</p>
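Review bot: The href on "That pledge" carries a sid= query parameter, which looks like a forum session identifier captured when the URL was copied. Drop it so the link keeps only the f=63 and t=2954 topic reference. While the org source for these two entries is open, also fix "promised not be be evil" (should read "not to be evil") and "indisciminate" (indiscriminate).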
@@ -1055,9 +1029,9 @@ So the situation with email presently is pretty bad, and there's a clear selecti
<h2id="sec-31">Tor is censored/blocked in my area. What can I do?</h2>
<divclass="outline-text-2"id="text-31">
<p>
If you can find some details for an obfs4 Tor bridge (its IP address, port number and key or nickname) then you can set up the system to use it to connect to the Tor network. Unlike relay nodes the IP addresses for bridges are not public information and so can't be easily known and added to block lists by authoritarian regimes or over-zealous ISPs.
</p>
@@ -1082,9 +1056,9 @@ You can also set your system to act as a Tor bridge, although this is not recomm
<h2id="sec-32">I want to block a particular domain from getting its content into my social network sites</h2>
<divclass="outline-text-2"id="text-32">
<p>
If you're being pestered by some domain which contains bad/illegal/harrassing content or irritating users you can block domains at the firewall level. Go to the administrator control panel and select <i>domain blocking</i>. You can then block, unblock and view the list of blocked domains.
</p>
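Review bot: Typo in the body text of this entry: "harrassing" should be "harassing". Since this file is exported, correct it in the org source and re-export rather than editing the HTML.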
@@ -1099,9 +1073,9 @@ Select <i>Administrator controls</i> then <i>Domain blocking</i>.
<h2id="sec-33">The mesh system doesn't boot from USB drive</h2>
<divclass="outline-text-2"id="text-33">
<p>
If the system doesn't boot and reports an error which includes <b>/dev/mapper/loop0p1</b> then reboot with <b>Ctrl-Alt-Del</b> and when you see the grub menu press <b>e</b> and manually change <b>/dev/mapper/loop0p1</b> to <b>/dev/sdb1</b>, then press <b>Ctrl-x</b>. If that doesn't work then reboot and try <b>/dev/sdc1</b> instead.
</p>
@@ -1112,9 +1086,9 @@ After the system has booted successfully the problem should resolve itself on su
<h2id="sec-34">Mesh system doesn't connect to the network</h2>
<divclass="outline-text-2"id="text-34">
<p>
Sometimes after boot the mesh system won't connect to other peers on the network. If this happens select the <b>network restart</b> icon and enter the password, which by default is just "freedombone". Wait for a few minutes to see if it connects.
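Review bot: The last paragraph documents a fixed default password ("freedombone") for the network restart action without saying whether or how it can be changed. Because the value is published in this FAQ, add a sentence on changing it after first boot if the mesh image supports that, or state explicitly that it is a shared default and what it does and does not protect.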