I have been busy with content for the last few weeks, but today my task was to get the repository for the site set up so I could have things nicely versioned and backed up. This will also allow me to add content to the site remotely, rather than directly on the pi.
First, I made sure git was configured to sign commits with my gpg key. I followed GitHub’s guide:
git config --global user.signingkey FINGERPRINT git config --global commit.gpgsign true [ -f ~/.bashrc ] && echo 'export GPG_TTY=$(tty)' >> ~/.bashrc
Next, I initialized a new repository in my existing local directory for the website.
echo "# test" >> README.md git init git add README.md git commit -m "Initialize Repository"
I hadn’t actually configured git fully yet, so got an error here. I configured git as directed:
git config --global user.email "EMAIL@ADDRESS.com" git config --global user.name "MY NAME"
I was then able to make my first commit successfully and proceed from there:
git branch -M main
Then, I got the remote set up at Codeberg, and continued on:
git remote add origin https://codeberg.org/steinea/website.git git push -u origin main
And here is where the trouble started. Trying to push via HTTPS kept returning the error server certificate verification failed. CAfile: none CRLfile: none. From my searching, this error appeared linked to a certificate expiry event last year that impacted everyone using Let’s Encrypt, but I was unable to resolve the issue (even after lots of technical help from my engineer friend who actually knows what he’s doing).
I tried lots of different approaches:
sudo update-ca-certificates ran, but had nothing to update.
This discussion presented a possible solution, so I ran:
openssl s_client -showcerts -servername codeberg.org -connect codeberg.org:443 < /dev/null 2 >/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p' > codeberg-org.pem
cat codeberg-org.pem | sudo tee -a /etc/ssl/certs/ca-certificates.crt
This ran successfully, but I still could not push, receiving the same error.
I tried to reinstall my certificates:
sudo apt-get install --reinstall ca-certificates
Which successfully reinstalled the certificates, but also did not resolve the problem.
So after all of this, my friend suggested I try SSH instead of HTTPS.
ssh-keygen
I followed the steps, creating a local directory for SSH keys, and adding a secure password. For reference, my public key fingerprint is:
SHA256:8xlNrcyvXGuxzE7tl6VerlTqlRv0dlZSY7JPjxUPflE pi@Maia
My randomart image is:
+---[RSA 2048]----+ | E| | . .| | ..o=.| | = o+o=| | S . =.oo*| | o o .=O*| | o oBB%| | . **X=| | o+*o+| +----[SHA256]-----+
I then added the key to my Codeberg account, and reset the origin for git to use SSH:
git remote rm origin git remote add origin git@codeberg.org:steinea/website.git git push -u origin main
When prompted, I verified Codeberg’s SSH fingerprint prior to accepting it. The fingerprint can be found in Codeberg’s documentation.
And with this, I at last successfully pushed! Now, to add everything from the website. This was my first experience with git in the terminal rather than in a GUI, so it took some getting used to, but all very straight forward:
git status git add /home/pi/website git commit -m "Initial website setup and content" git push -u origin main
Now, I can breathe a bit more easily with version control in place. With all the power failures lately as winter storms start to pick up, I have had some concern about a surge borking the pi, so I feel much better.