sudo
Won't work. Reserved IPs don't have PTR records [ so no mail ] and DO explicitly says reserved IPs can be used for mail.
Useless for my use case.
Ping Google's DNS IP
ping6 2001:4860:4860::8888
If you provided your ~/.ssh/id_rsa.pub file as the public key during box creation, you can log in without any password.
Edit /etc/selinux/config
Set SELINUX=disabled and reboot.
Or run sudo setenforce 0 instead of rebooting. That switches SELinux to permissive mode until the next reboot.
useradd habib -G wheel
useradd and adduser are now the same binary on Fedora, even if historically they might have been different.
Edit /etc/sudoers with sudo.
Uncomment the following line. Search for /wheel and change the line with NOPASSWD. There is a similar line above it; ignore that one.
## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
Copy /root/.ssh/authorized_keys into your non-root account's home directory.
mkdir /home/habib/.ssh
cp /root/.ssh/authorized_keys /home/habib/.ssh/
chown -R habib:habib /home/habib/.ssh
Now you should be able to ssh into the box using your personal username and then run sudo without password for everything.
To allow passwordless login from this box into other boxes, copy the private keys onto this new box.
From your working machine
scp ~/.ssh/id_rsa box:~/.ssh/
scp ~/.ssh/id_rsa.pub box:~/.ssh/
Also copy these keys into the root account's /root/.ssh directory so that you can use sudo ssh for root login into remote machines. This is good for copying files that only allow root access.
sudo cp ~/.ssh/id_rsa* /root/.ssh/
Now you are ready. You can cross ssh from any machine to any other.
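An added example, not part of the original notes: a POSIX shell check to run after the copy steps above, flagging anything in an account's .ssh directory that sshd or the ssh client would reject. The names audit_ssh_dir and has_bits and the finding labels are made up for this example, and it assumes GNU stat as shipped on Fedora.

```shell
# Constructed example: audit an account's .ssh directory after manual key copies.
# Usage: audit_ssh_dir /home/habib/.ssh "$(id -u habib)"
# Prints one line per finding; the return status is the number of findings.

# has_bits FILE MASK: true if FILE has any permission bit of octal MASK set.
# Uses GNU stat (-c), as shipped on Fedora.
has_bits() {
    [ $(( 0$(stat -c '%a' "$1") & 0$2 )) -ne 0 ]
}

audit_ssh_dir() {
    dir=$1; uid=$2; findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir"
        return 1
    fi
    for f in "$dir" "$dir"/*; do
        [ -e "$f" ] || continue
        # Files copied as root stay root-owned until the chown -R step is run.
        if [ "$(stat -c '%u' "$f")" != "$uid" ]; then
            echo "OWNER    $f is not owned by uid $uid"
            findings=$((findings + 1))
        fi
        case "$f" in
            "$dir"|*/authorized_keys)
                # sshd (StrictModes) ignores authorized_keys when it or the
                # directory is writable by group or others.
                if has_bits "$f" 022; then
                    echo "WRITABLE $f"
                    findings=$((findings + 1))
                fi ;;
            *)
                # The ssh client refuses a private key that group or others
                # can access at all; public files are skipped by content.
                if grep -q 'PRIVATE KEY-----' "$f" 2>/dev/null && has_bits "$f" 077; then
                    echo "EXPOSED  $f"
                    findings=$((findings + 1))
                fi ;;
        esac
    done
    return "$findings"
}
```

Run it once for /home/habib/.ssh and once, under sudo, for /root/.ssh; a return status of 0 means nothing was flagged.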
sudo dnf install -y certbot
sudo rsync box:/etc/letsencrypt/live/ /etc/letsencrypt/live/ -vaL
Use the -L switch so that you copy the actual files and not only the links.
You also need to copy /etc/letsencrypt/options-ssl-apache.conf, as the Apache server needs it.
sudo yum install -y \
    vim lsd pv \
    dovecot postfix \
    httpd mod_ssl \
    php-devel php-pear \
    php-maxmind-db-reader geolite2-asn geolite2-city geolite2-country \
    php-pecl-imagick \
    htop
Disable SELinux in /etc/selinux/config. MOST IMPORTANT!!! Otherwise nothing will work; not even the httpd server will start.
/web/ext
Add Include /web/vhosts/httpd.conf to /etc/httpd/conf/httpd.conf. You also need to change the Apache user/group from apache to habib.
Change the user/group to habib in /etc/php-fpm.d/www.conf too.
/web/
/etc/httpd/conf/httpd.conf
/etc/httpd/conf.d/10-ssl.conf
/etc/httpd/conf.d/roundcubemail.conf
/etc/php.ini
/etc/php-fpm.ini
/etc/php-fpm.d/www.conf
/etc/letsencrypt/
/etc/dovecot/local.conf
/etc/dovecot/conf.d/10-master.conf
/etc/dovecot/conf.d/10-auth.conf
/etc/postfix/master.cf
/etc/postfix/main.cf
/etc/python-policyd-spf/policyd-spf.conf
sudo chown habib:habib /var/lib/php/session
sudo dnf install -y python3-certbot-dns-digitalocean
Delete the old letsencrypt directory you copied from the other server, but first save the /etc/letsencrypt/options-ssl-apache.conf file and copy it back to this place when you are done. The Apache server needs it.
sudo rm -r /etc/letsencrypt/
And then run this command for new certificate
sudo certbot certonly \
    --cert-name habibur.com \
    --preferred-challenges=dns \
    -d habibur.com -d '*.habibur.com' \
    -d sanjir.com -d '*.sanjir.com' \
    ... other domains like above ...
When prompted, enter the DigitalOcean key file in /web/digitalocean/api.ini. You can copy this key file from the old server with rsync.
You can find the above commands already saved in batch files in /web/digitalocean/
Certbot says it installs a background job for updating. If that doesn't work, there's always the manual process of running sudo certbot renew from crontab.