g2s web server certificate about to expire

[sheridancbio]

The g2s web server https/ssl certificate will expire Tuesday, August 23, 2022 at 3:08:23 PM Eastern Daylight Time

A renewal of the certificate is needed before that time. If we could automate this renewal process, that would be even better. The certificate is issued by Let's Encrypt.

[onursumer]

Instructions provided by Juexin:

1) #ssh to AWS EC2 instance hosting g2s
ssh -i ~/.ssh/g2s.pem [email protected]

2) #EC2 using screen to host running SpringBoot. Stop SpringBoot and start tomcat8 just for renewal process
screen -r 3468
ctrl-C to stop
sudo service tomcat8 start

3) #Renew Processes:
#stop spring-boot instance first, iptables allow 80,443, but don't use reroute(iptable not need anymore)
#In my folder, find cerbot-auto
sudo ./certbot-auto certonly
#select webroot in the step, domain name: g2s.genomenexus.org select webroot as /usr/share/tomcat8/webapps/ROOT
#This will generate certification files in /etc/letsencrypt/live/g2s.genomenexus.org/

sudo openssl pkcs12 -export -in /etc/letsencrypt/live/g2s.genomenexus.org/fullchain.pem -inkey /etc/letsencrypt/live/g2s.genomenexus.org/privkey.pem -out keystore.p12 -name tomcat -CAfile /etc/letsencrypt/live/g2s.genomenexus.org/chain.pem -caname juexinwang

password: 123456

4) #copy credential to the project
cp keystore.p12 pdb-annotation/pdb-alignment-web/src/main/resources

5) #Stop tomcat8 and startup spring-boot
sudo service tomcat8 stop
#start spring-boot
#Add reroute in iptables(Do not need anymore)

[onursumer]

These instructions seem to be working. We should probably combine these in a single script which we can (auto)run every ~90 days.

[inodb]

Crontab has been added, will starting running from november 15th every three months. Let's see if it works (thanks @onursumer !!)