author: Marek Paśnikowski <marek@marekpasnikowski.pl> 2025-05-29 10:44:39 +0200
committer: Marek Paśnikowski <marek@marekpasnikowski.pl> 2025-05-29 10:44:39 +0200
commit: 38c7690a5d662730a7cf096995fc1bcfff511d91
tree: 0e87df301d13ddd0bb2aa822a86e6feafd45689c /deployment
parent: 18448e8e862015cbe5680ec20db0b48c6518e6d5
aisaka: use a Let’s Encrypt certificate for the test subdomain
The prototype of the client certificate authentication is suboptimal. The use of a private certificate authority for server authentication causes unnecessary security warnings when loading the subdomain with an unauthenticated browser. Any browser in its default configuration has no right to understand the private certificate authority used for the client and server certificates. It is possible to mix Let’s Encrypt certificates with a private certificate authority to implement the authentication. None of the previously found client authentication guides mentioned that server authentication can use an authority chain different to client authentication. This change takes advantage of this separation of concerns by using a Let’s Encrypt certificate for the test subdomain server, while keeping the private certificate for client authentication.
Diffstat (limited to 'deployment')
-rw-r--r-- deployment/systems/aisaka.scm 4
1 files changed, 2 insertions, 2 deletions
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index 6b3b2f6..2b9484b 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -421,8 +421,8 @@
(listen (list "192.168.10.2:443 ssl"))
(root "/home/marek/Publiczne/test")
(server-name (list "test.marekpasnikowski.pl"))
- (ssl-certificate "/home/marek/CA/test.crt")
- (ssl-certificate-key "/home/marek/CA/test.key")
+ (ssl-certificate "/etc/letsencrypt/live/marekpasnikowski.pl/fullchain.pem")
+ (ssl-certificate-key "/etc/letsencrypt/live/marekpasnikowski.pl/privkey.pem")
(raw-content (list "ssl_client_certificate /home/marek/CA/root_certificate.pem;"
"ssl_verify_client on;")))
;; Radicale
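Review bot: the new ssl-certificate path points at the /etc/letsencrypt/live/marekpasnikowski.pl directory while server-name is test.marekpasnikowski.pl, so the browser warning this change is meant to remove goes away only if that certificate lists test.marekpasnikowski.pl among its subject alternative names; please confirm that, or add a comment next to the path saying which names the certificate covers. In the unchanged raw-content lines, ssl_verify_client on is set without ssl_verify_depth, so nginx's default depth of 1 applies, which works only if client certificates are issued directly by root_certificate.pem. A short comment in this server block noting that the server chain (Let's Encrypt) and the client CA (private) are intentionally different would also help the next reader.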