2021-12-10 23:12:18 +00:00
parent d283071e7e
commit 589f697e08
5 changed files with 17 additions and 11 deletions

View File

@@ -180,7 +180,7 @@ ubuntu.16.04-x64 //<--- ends up being the same size as portable linux 64 so not
### DOCKER NGINX LETS ENCRYPT CERTBOT
### DOCKER NGINX Let's Encrypt CERTBOT
- https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx
- https://github.com/humankode/letsencrypt-docker-nginx/blob/master/src/production/production.conf
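Review bot: The renamed heading `### DOCKER NGINX Let's Encrypt CERTBOT` now mixes mixed-case "Let's Encrypt" into an otherwise all-caps heading, which reads as an inconsistency rather than a fix. Consider recasing the whole heading (for example "Docker, NGINX, Let's Encrypt Certbot") and making the same choice for the identical heading changed in the other file in this commit.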

View File

@@ -68,7 +68,7 @@ todo: (BREAK THIS OUT INTO LATER/NOW/CASES) there are several outstanding AUTHEN
todo: look into how to use an SSL certificate with the RAVEN server directly when not behind nginx
https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1
- this should be supported by default out of the box working with Let's encrypt ideally
- this should be supported by default out of the box working with Let's Encrypt ideally
- is it now considered ok to host .net core web api directly internet facing?
todo: onboarding and default manager account password
- Need to come up with a safety plan for this so people don't leave it at default

View File

@@ -359,7 +359,7 @@ ubuntu.16.04-x64 //<--- ends up being the same size as portable linux 64 so not
- DATA SEEDING: https://github.com/bchavez/Bogus (a port of faker.js)
### DOCKER NGINX LETS ENCRYPT CERTBOT
### DOCKER NGINX Let's Encrypt CERTBOT
- https://www.humankode.com/ssl/how-to-set-up-free-ssl-certificates-from-lets-encrypt-using-docker-and-nginx
- https://github.com/humankode/letsencrypt-docker-nginx/blob/master/src/production/production.conf

View File

@@ -256,7 +256,7 @@ sudo systemctl stop ayanova.service
### Local network access
If users are accessing AyaNova only on a private local area network no more installation steps are required and it should be ready for use.
If users are accessing AyaNova only on a private local area network no more installation steps are required and AyaNova should be ready for use.
Assuming the default port of 7575 is in use then the URL would be similar to:
`http://YOUR_LOCAL_NETWORK_AYANOVA_SERVER_IP_ADDRESS:7575`
@@ -330,7 +330,7 @@ sudo ufw allow 'Nginx Full'
NGINX needs to be configured to reverse proxy to AyaNova server.
If you are already using NGINX for other services then a site configuration file entry will need to be made to reverse proxy AyaNova with appropriate settings for your site. We cannot provide details for that as it must work with your existing NGINX configuration, however here is an example of the AyaNova specific parts only taken from a working site that uses Lets Encrypt certificates to give an idea of what is required:
If you are already using NGINX for other services then a site configuration file entry will need to be made to reverse proxy AyaNova with appropriate settings for your site. We cannot provide details for that as it must work with your existing NGINX configuration, however here is an example of the AyaNova specific parts only taken from a working site that uses Let's Encrypt certificates to give an idea of what is required:
```
server {
@@ -390,7 +390,7 @@ server {
Note that the server name is _intentionally_ commented out with a # symbol for now. In a later step you will uncomment it and replace the example domain with the one registered previously.
In a later step the Lets Encrypt Certbot will automatically update this file with the correct settings for ongoing use, this is only the initial configuration to allow Lets Encrypt access.
In a later step the Let's Encrypt Certbot will automatically update this file with the correct settings for ongoing use, this is only the initial configuration to allow Let's Encrypt access.
Confirm that NGINX sees the configuration as valid:
@@ -415,15 +415,15 @@ If DNS has propogated but you see an NGINX error page instead, confirm that AyaN
Open the NGINX config file previously modified again in your editor, remove the `#` symbol that is commenting out the `server_name` line and replace the server name `example.com` with your domain and or subdomain names previously registered, save and exit.
### SSL Certificate through Lets Encrypt
### SSL Certificate through Let's Encrypt
Install the Lets Encrypt Certbot application and it's NGINX handler at the server:
Install the Let's Encrypt Certbot application and it's NGINX handler at the server:
```bash
sudo apt install certbot python3-certbot-nginx
```
Request a certificate from Lets Encrypt for the domain or subdomains previously registered and set in the NGINX config file:
Request a certificate from Let's Encrypt for the domain or subdomains previously registered and set in the NGINX config file:
```bash
sudo certbot --nginx -d ayanova.example.com -d www.ayanova.example.com
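Review bot: The rewritten line "Install the Let's Encrypt Certbot application and it's NGINX handler at the server:" still uses "it's" where the possessive "its" is meant. Since the line is being touched anyway, change it to "its NGINX handler". The surrounding context in this hunk also has "propogated" and "and or", which could be corrected to "propagated" and "and/or" in the same pass.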

View File

@@ -2,6 +2,8 @@
Please read through all the instructions below **before** proceeding with installation to be sure everything is available and ready.
These instructions require a working knowledge of Windows server adminstration tasks.
This installer includes the AyaNova server application only and depends on an IIS server, a PostgreSQL server be installed or accessible and the .net Core framework to be installed in the correct order (detailed below).
This type of installation is suitable for both outside internet access and inside the local network.
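Review bot: "adminstration" in "working knowledge of Windows server adminstration tasks" is misspelled and should be "administration". The next sentence, "depends on an IIS server, a PostgreSQL server be installed or accessible and the .net Core framework to be installed", is also hard to parse; a short list of the three prerequisites would make the required install order clearer.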
@@ -28,7 +30,7 @@ Any modern browser (not Internet Explorer) with Javascript enabled on any device
In order to access the AyaNova server through IIS from the internet a static IP address is required, optionally a registered domain name as well as appropriate configuration of IIS and the router to allow secure, incoming connections to the IIS server from the internet.
The following instructions are provided to get IIS running with AyaNova _inside_ your network so it's ready for the next steps of exposing it to the outside world which will require site and equipment specific configuration best done by an _experienced_ network professional and are beyond the scope of this manual or the support we can provide.
The following instructions are provided to get IIS running with AyaNova _inside_ your network so it's ready for the next steps of exposing it to the outside world which will require a domain name, DNS configuration as well as site and equipment specific configuration best done by an _experienced_ network professional and are beyond the scope of this manual or the support we can provide.
If a networking technician has a question about AyaNova itself that is not answered in this manual contact us: [support@ayanova.com](mailto:support@ayanova.com).
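Review bot: The new wording lists "a domain name, DNS configuration" as required for exposing AyaNova, but the unchanged sentence directly above it still says "optionally a registered domain name", so the section now disagrees with itself on whether a domain name is needed. Align the two sentences: either drop "optionally" from the earlier one, given that the later text in this commit requires an SSL certificate for internet access, or state when an IP-only setup is acceptable.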
@@ -218,7 +220,11 @@ IIS will automatically manage starting and stopping AyaNova as required.
Server installation under IIS for internal access is complete. Users will require the URL to use in their browser to access the AyaNova APP that was opened in the last step to test AyaNova substituting the server's IP address for the "localhost" part of the URL.
For connection from the internet your network adminstrator will need to setup IIS with the correct port and optionally domain name and open the port on the router to allow outside connections and finally provide your users with the correct URL to access AyaNova from outside your network.
For connection from the internet your network adminstrator will need to setup IIS with an SSL certificate, bind to the correct port and domain name and open the port on the router to allow outside connections and finally provide your users with the correct URL to access AyaNova from outside your network.
** AyaNova can only be securely accessed from the internet if it's secured with an SSL certificate and only allows an HTTPS connection and not an unsecured HTTP connection. **
Let's Encrypt provides free SSL certificates and lists [several Windows clients](https://letsencrypt.org/docs/client-options/#clients-windows-/-iis) for use with Let's Encrypt on Windows.
For Server Operations role review the [Server operations](ops-intro.md) configuration and maintenance guide.
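Review bot: The warning line `** AyaNova can only be securely accessed ... **` has spaces just inside the `**` markers, so CommonMark-style renderers will show literal asterisks instead of bold text; remove the inner spaces. The sentence states the HTTPS-only requirement without saying how to meet it: the line before it mentions binding a certificate and port, so add that the plain HTTP binding should be removed or redirected to HTTPS. On the rewritten line, "adminstrator" is misspelled and "setup IIS" should be "set up IIS".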