...
- Put the cert(s) in place on the server; check permissions
- For a CA-signed cert there are usually 2. The cert itself and the intermediate cert (gd_bundle)
- fill in the ansible config values for ssl stuff
- use_ssl: true
- locations of key and cert
- run an ansible playbook that just does that apache setup
- First check/change 'hosts' in the top-level 'app-config.yml' playbook
- ansible-playbook -i hosts update-ssl.yml --ask-vault-pass [-e hosts=staging]
- This playbook should also restart apache for you.
- referenced: https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority#apache
Forcing all traffic to SSL
Until Ansible script is adjusted, manually add
redirect / https://hydra.chemheritage.org just below Document Root in /etc/apache2/sites-enabled/sufia-project.conf