# Administration This page describes how to accomplish certain administration tasks on [WWW](/services/www.md) ## SSL We use Let's Encrypt for SSL, using Certbot. Let's Encrypt certificates expire every 90 days and are renewed every 60 days. Renewal is automated, but several other servers use the wildcard certificate and must pull the updated one. The most important of these are the mail servers, which use the certificate for SMTP. The script `update-ssl.sh` in the root home directory of Casey and Smith should handle this. After certificates are renewed, run the update-ssl script on: * Mail servers (Smith and Casey) * IPA servers, for the web ui * Monitor/Grafana ## Scripts This section contains various other scripts to do useful things on [WWW](/services/www.md). ### What to do if the webserver goes down 1. Log in to remote.tjhsst.edu (or if you're already on the internal network, that's fine too) 2. `ssh root@www` 3. `systemctl restart nginx` This restarts nginx and ensures that the service manager is still in a consistent state. The website should work after this (if not, try clearing cache/etc, it's possible a redirect to an error page might've been cached, although it shouldn't be). ### If SSL doesn't renew automatically The certbot command is `certbot certonly`\ `--manual \`\ `--preferred-challenges dns \`\ `--manual-auth-hook /usr/local/bin/certbot-ipa-dns-update.sh \`\ `--deploy-hook "nginx -s reload" \`\ `--manual-cleanup-hook /usr/local/bin/certbot-ipa-dns-cleanup.sh \`\ `-d tjhsst.edu \`\ `-d '*.tjhsst.edu' \`\ `--non-interactive --agree-tos -m lead-sysadmins@tjhsst.edu --no-eff-email \`\ `--expand` You can try running this manually to see the error. You can also look at the script in `/usr/local/bin/certbot-ipa-dns-update.sh` to see what it's supposed to do. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://documentation.tjhsst.edu/services/www/administration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.