fix markdown syntax

a5527c7a · anarcat · 24c514c7 · a5527c7a
Verified Commit a5527c7a authored 1 year ago by anarcat
--- a/tls-configuration.md
+++ b/tls-configuration.md
@@ -22,7 +22,7 @@ Changes performed:
 To reproduce the config:

 1. deploy certbot from the fork:
-```
+
        git clone https://github.com/certbot/certbot/
        cd certbot
        git remote add -f hpax https://github.com/hpax/certbot.git
@@ -33,48 +33,48 @@ cd certbot
        ~/.virtualenv/certbot/bin/pip3 install .
        cd ../certbot-dns-rfc2136
        ~/.virtualenv/certbot/bin/pip3 install .
-```
+
 1. configure a `/etc/letsencrypt/rfc2136-credentials.ini` file with the following content (e.g. on che), the `dns_rfc2136_name`, `dns_rfc2136_secret` and `dns_rfc2136_algorithm` parameters are magic and come from the DNS primary :
-```
+
        # Target DNS server
        #dns_rfc2136_server = ns2.riseup.net.
-1. https://github.com/certbot/certbot/issues/7871
+        # https://github.com/certbot/certbot/issues/7871
        dns_rfc2136_server = 204.13.164.8
-1. Target DNS port
+        # Target DNS port
        dns_rfc2136_port = 53
-1. TSIG key name
+        # TSIG key name
        dns_rfc2136_name = che_ircd_key
-1. TSIG key secret
+        # TSIG key secret
        dns_rfc2136_secret = [CENSORED]==
-1. TSIG key algorithm
+        # TSIG key algorithm
        dns_rfc2136_algorithm = HMAC-SHA512
-```
+
 1. create the certificate:
-```
+
        ~/.virtualenv/certbot/bin/certbot --dns-rfc2136-credentials /etc/letsencrypt/rfc2136-credentials.ini  certonly -d irc.indymedia.org --register-unsafely-without-email --dns-rfc2136 --reuse-key
-```
+
 1. change permissions on the generated cert:
-```
+
        chown -R :ssl-cert /etc/letsencrypt/archive/
        chmod -R g+rX /etc/letsencrypt/archive/
-```
+
 1. add the cert to `/etc/charybdis/ircd.conf` and restart the ircd
-```
+
        service charybdis restart
-```
+
 1. extract the new SHA256 private key fingerprint:
-```
+
        certtool --pubkey-info --load-privkey /etc/letsencrypt/live/irc.indymedia.org/privkey.pem |  grep -i sha256 | grep -v pin-
-```
+
 1. add that key to the `connect` block on the other servers, and restarted those ircds:
-```
+
        service charybdis restart
-```
+
 1. create cronjob to use patched certbot for renewals:
-```
+
        cat > /etc/cron.daily/certbot-rfc2136 <<EOF
-1. We need to use our patched version of certbot to renew certs so that DNS-01
-1. challenges can be completed
+        # We need to use our patched version of certbot to renew certs so that DNS-01
+        # challenges can be completed

        SHELL=/bin/sh
        PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
@@ -84,20 +84,20 @@ EOF
        cat > /usr/local/bin/patched_certbot_renew <<EOF
        #!/bin/sh

-1. Use the patched certbot to renew certificates
+        # Use the patched certbot to renew certificates
        /root/.virtualenv/certbot/bin/certbot -q renew
        EOF
        chmod a+x /usr/local/bin/patched_certbot_renew
-```
+
 1. create renewal hook so that charybdis takes on the new certificates automatically
-```
+
        cat > /etc/letsencrypt/renewal-hooks/deploy/charybdis <<EOF
        #!/bin/sh

        /usr/sbin/service charybdis reload
        EOF
        chmod a+x /etc/letsencrypt/renewal-hooks/deploy/charybdis
-```
+

 To configure a DNS primary server, the following command need to be issued: