7. Move your unencrypted private key file with ``sudo mv /opt/otree/temp/private-key.pem /etc/ssh/private/domain.key.pem.enc``. (Note: Verify permissions! 0600)
8. Upload the obtained certificate and the certificate chain onto your server into ``/opt/otree/temp`` and append the chain (PA-Cert) to the certificate with ``cat pa-chain.pem >> cert-myserver.pem``.
9. Lastly move the certificate to the correct location: ``sudo mv /opt/tree/temp/cert-myserver.pem /etc/ssh/certs/domain.crt.pem`` (Note: Verify permissions! 0644)
### place ssl/tls certificate and key-file (unfortunately not scriptable due to security best-practices)
1. Use ``scp mycert.crt user@host:/home/user/`` and ``scp mycert.key user@host:/home/user/`` or use [WinSCP](https://de.wikipedia.org/wiki/WinSCP) to copy over the certificate files.
2. Establish a ssh connection onto your server.
...
...
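Review bot: Step 9 moves the certificate from ``/opt/tree/temp/cert-myserver.pem``, but steps 7 and 8 work in ``/opt/otree/temp``, so the ``mv`` as written will not find the file prepared in step 8. It should read ``/opt/otree/temp/cert-myserver.pem``. Step 7 also calls the key "unencrypted" while installing it as ``domain.key.pem.enc``. Either the wording or the ``.enc`` suffix should change so the reader knows what state the key is in on disk. The "Verify permissions!" notes would be easier to follow with the commands spelled out (``chmod 0600`` on the key, ``chmod 0644`` on the certificate, plus the expected owner). Please also confirm that ``/etc/ssh/private`` and ``/etc/ssh/certs`` are the intended locations for TLS material.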
@@ -82,14 +93,10 @@ otree_users:
And now run the playbook.
## change the configuration
1. Adapt your inventory-config again with ``nano ~/otree-ansible/group_vars/otree_servers.yml`` and run the playbook.
## setup ssh keys
1. Generate a public-private key pair in the ansible project ``keys/<otree_instance_name>/`` with ``ssh-keygen -f id -t ed25519 -N '' -a 100``
2. Upload public key in your git provider (GitLab: User Settings->SSH Keys) and make sure you have access to the specified project in ``app_repo``
1. Adapt your inventory-config again with ``nano /opt/otree/otree-ansible/group_vars/otree_servers.yml`` and run the playbook.
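Review bot: In "setup ssh keys" step 1, ``ssh-keygen -f id -t ed25519 -N '' -a 100`` writes a private key with an empty passphrase into ``keys/<otree_instance_name>/`` inside the ansible project, and nothing in the section tells the reader to keep that file out of version control. Suggest adding a line that ``keys/`` must be git-ignored or stored encrypted (for example with ansible-vault). In step 2, consider recommending a read-only deploy key scoped to the ``app_repo`` project instead of a key under "User Settings->SSH Keys", which carries the whole account's access. Separately, the two "Adapt your inventory-config" lines point at different paths (``~/otree-ansible/group_vars/otree_servers.yml`` and ``/opt/otree/otree-ansible/group_vars/otree_servers.yml``). Please check that every remaining reference in the README uses the same checkout location.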