# TLS Rotation

- We need `media.hachyderm.io` working on CDN nodes
- We need `hachyderm.io` working on CDN nodes

### cdn-fremont-1

```bash
sudo certbot delete --cert-name cla.aurae.io
sudo certbot delete --cert-name privilegeescalation.org
sudo certbot delete --cert-name grafana.hachyderm.io
```

```bash
certbot certonly -d media.hachyderm.io --nginx
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/media.hachyderm.io-0001/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/media.hachyderm.io-0001/privkey.pem
```

### slappy

So this is the server that the **LetsEncrypt ACME** challenge resolves `hachyderm.io` to.

```bash
certbot certonly -d hachyderm.io --nginx
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/hachyderm.io-0001/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/hachyderm.io-0001/privkey.pem
```

### General Steps

- [ ] Rotate `media.hachyderm.io` on `cdn-fremont-1`
- [ ] Scp new certs from `/etc/letsencrypt/live` to fleet
- [ ] Rotate `hachyderm.io` on `esme.hachyderm.io`
- [ ] Scp new certs from `/etc/letsencrypt/live` to fleet

```
# Example scp command
scp -r /etc/letsencrypt/live/media.hachyderm.io* root@cdn-frankfurt-1.hachyderm.io:/etc/letsencrypt/live
```
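
A check to run on a node after the `scp` step, as an added example that is not part of the original runbook: it confirms that `fullchain.pem` and `privkey.pem` in a lineage directory (for instance the `-0001` one shown above) belong together, that the certificate covers the expected hostname, and that it is not close to expiry. The function names, script name and the 30-day default are assumptions; it needs `openssl` on the node.

```bash
#!/usr/bin/env bash
# Added example (not from the runbook): sanity-check a copied certbot lineage directory.
# Function names, the script name and the 30-day default threshold are assumptions.
# Usage: ./check_lineage.sh /etc/letsencrypt/live/media.hachyderm.io-0001 media.hachyderm.io [min_days]

# 0 if the leaf certificate in $1 carries the public key of private key $2.
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# 0 if the certificate in $1 is valid for hostname $2 (SAN, or CN when no SAN exists).
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
    grep -q 'does match certificate'
}

# 0 if the certificate in $1 will still be valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all three checks on lineage directory $1 for hostname $2.
check_lineage() {
  local dir=$1 host=$2 min_days=${3:-30}
  local cert="$dir/fullchain.pem" key="$dir/privkey.pem"
  if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
    echo "FAIL $host: fullchain.pem or privkey.pem unreadable in $dir"; return 1
  fi
  cert_matches_key "$cert" "$key" ||
    { echo "FAIL $host: privkey.pem does not match fullchain.pem"; return 1; }
  cert_covers_host "$cert" "$host" ||
    { echo "FAIL $host: certificate does not cover this name"; return 1; }
  cert_valid_for_days "$cert" "$min_days" ||
    { echo "FAIL $host: certificate expires within $min_days days"; return 1; }
  echo "OK $host: key matches, name covered, valid for at least $min_days more days"
}

# Only run when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
  check_lineage "$@"
fi
```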