This is mostly for myself, but maybe the googlebot will pick it up and help some others.
Basically, patch-tag encourages https browsing after login because, well, it's the right thing to do. (IMHO, https should be the default option for web browsing, and there is a school of thought about that, but I'm in too much of a hurry to track it down. Comments welcome.)
So, I bought my ssl cert from godaddy to make it possible. And it expired, and I couldn’t remember how to make it work again.
After a bit of mucking around, I chose "renew ssl cert" in godaddy, and paid their pound of flesh. I downloaded a little zipped bundle, patch-tag.com.zip, from godaddy. It contained 2 .crt files, patch-tag.com.crt and gd_bundle.crt.
To get things using the new cert, I edited
leaving the top portion (pk) unchanged, and swapping out the bottom portion (cert) with the contents of the patch-tag.com.crt file from godaddy.
I then did /etc/init.d/stunnel4 restart
afaict, good to go.
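A check worth running on the combined file (private key on top, certificate below) before restarting stunnel, as an added example that is not part of the original post: it confirms the pasted certificate belongs to the private key above it and has not expired. The function names, the demo subject names and the generated test files are assumptions made for illustration; it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original post). Sanity-checks a combined
# stunnel PEM: private key on top, certificate below.

# check_pem FILE [SECONDS]
# returns 0 = ok, 1 = certificate does not match the key,
#         2 = key or certificate unreadable,
#         3 = certificate expires within SECONDS (default 0 = already expired)
check_pem() {
    pem=$1 window=${2:-0}
    # Public key derived from the private key block.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) ||
        { echo "no usable private key in $pem"; return 2; }
    # Public key embedded in the first certificate block.
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "no certificate in $pem"; return 2; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate does not belong to the private key in $pem"; return 1
    fi
    if ! openssl x509 -in "$pem" -noout -checkend "$window" >/dev/null 2>&1; then
        echo "certificate in $pem expires within ${window}s"; return 3
    fi
    echo "ok: $(openssl x509 -in "$pem" -noout -enddate)"
}

# make_demo_pems: builds constructed test material (two throwaway self-signed
# pairs, valid for one day) in a temp dir and prints the directory path.
make_demo_pems() {
    d=$(mktemp -d) || return 1
    for n in a b; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=demo-$n.invalid" \
            -keyout "$d/$n.key" -out "$d/$n.crt" >/dev/null 2>&1 || return 1
    done
    cat "$d/a.key" "$d/a.crt" > "$d/good.pem"   # key with its own certificate
    cat "$d/a.key" "$d/b.crt" > "$d/bad.pem"    # key with a certificate for another key
    echo "$d"
}

# Stand-alone use: sh check_pem.sh /path/to/combined.pem [seconds]
if [ $# -gt 0 ]; then
    check_pem "$@"
fi
```

Passing a window such as 2592000 (30 days) as the second argument turns the same check into an early warning before the next expiry.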
Not sure what that other cert file (gd_bundle.crt) is for.
That’s all folks.
PS This page was also helpful for configuring stunnel with a godaddy ssl certificate