Koozali.org: home of the SME Server

Thoughts on letsencrypt.com?

DanB35
Re: Thoughts on letsencrypt.com?
« Reply #45 on: December 08, 2015, 06:02:18 PM »
Makes sense.  I've edited the script in the wiki to run all three events.

Daniel B.
Re: Thoughts on letsencrypt.com?
« Reply #46 on: December 08, 2015, 06:16:23 PM »
AFAIK, signal-event email-update is not enough, because it simply reloads qpsmtpd/sqpsmtpd and does not restart them. We should create a new ssl-update event which can restart the needed services (and any contrib author using the SSL cert could hook into it).

Please open an NFR for this.

DanB35
Re: Thoughts on letsencrypt.com?
« Reply #47 on: December 08, 2015, 06:54:59 PM »

flep
Re: Thoughts on letsencrypt.com?
« Reply #48 on: December 08, 2015, 11:41:06 PM »
Quote:
So the next matter is setting up the automatic renewal.  RequestedDeletion linked to the cron manager contrib, which I wasn't aware of, and which would make editing cron jobs a bit easier, but I don't see any way with that to set a job to run every other month, which would be plenty frequent for certificate renewal.  I'd think the cron entry for root should look something like
48 22 3 */2 * /opt/letsencrypt-renew.sh

In a template-driven distro, editing cron should be done as described at http://wiki.contribs.org/Cron_entry

I edited the wiki accordingly.

DanB35
Re: Thoughts on letsencrypt.com?
« Reply #49 on: December 09, 2015, 03:19:25 AM »
I hadn't known (or at least remembered) that crontab was templated.  Good call to add that.

guest22

Re: Thoughts on letsencrypt.com?
« Reply #50 on: December 09, 2015, 06:18:04 AM »
Good calls, guys. @others reading this: please test and provide your feedback and/or suggestions.

adamcyberspace
Re: Thoughts on letsencrypt.com?
« Reply #51 on: December 09, 2015, 09:57:52 AM »
It broke my server. HTTPD is started but web pages no longer display. Not even when I use the IP address...

adamcyberspace
Re: Thoughts on letsencrypt.com?
« Reply #52 on: December 09, 2015, 10:09:24 AM »
root@server letsencrypt]# ./letsencrypt-auto certonly --standalone --email adam@livingnatural.com.au -d livingnatural.com.au
Updating letsencrypt and virtual environment dependencies.......
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly --standalone --email adam@livingnatural.com.au -d livingnatural.com.au
Version: 1.1-20080819
Version: 1.1-20080819
Failed authorization procedure. livingnatural.com.au (tls-sni-01): urn:acme:error:connection :: The server could not connect to the client for DV :: DNS query timed out

IMPORTANT NOTES:
 - The following 'urn:acme:error:connection' errors were reported by
   the server:

   Domains: livingnatural.com.au
   Error: The server could not connect to the client for DV

Any thoughts on why my web server no longer works at all??
« Last Edit: December 09, 2015, 10:23:41 AM by adamcyberspace »

KevinG
Re: Thoughts on letsencrypt.com?
« Reply #53 on: December 09, 2015, 11:28:03 AM »
The script runs
service httpd-e-smith stop

If it stopped, you will need a

service httpd-e-smith start

The error occurred for me when I did not have my test server exposed to the internet and correctly on a public DNS.  Check that first.

Good luck

adamcyberspace
Re: Thoughts on letsencrypt.com?
« Reply #54 on: December 09, 2015, 11:42:21 AM »
service httpd-e-smith was restarted.. I even restarted the server, but to no avail..
Fortunately I took a snapshot of the server before making the change, and have now rolled back.
Not keen to try again until I figure out what went wrong.

Stefano
Re: Thoughts on letsencrypt.com?
« Reply #55 on: December 09, 2015, 11:44:27 AM »
Well, you'd take a look at the logs...

KevinG
Re: Thoughts on letsencrypt.com?
« Reply #56 on: December 09, 2015, 12:03:17 PM »
Did you stop when you got the error, or did you continue and try the following lines?

config setprop modSSL crt /etc/letsencrypt/live/test.firstdomain.co.uk/cert.pem
config setprop modSSL key /etc/letsencrypt/live/test.firstdomain.co.uk/privkey.pem
config setprop modSSL CertificateChainFile /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem
signal-event domain-modify; signal-event email-update

Setting those properties without the certificates will kill off https service quite well.

You can use config delprop to remove settings you don't want.
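
The failure in Reply #52 comes from running the setprop lines after letsencrypt-auto had already failed, so modSSL ended up pointing at files that did not exist. As an added example (not the wiki script or the project's own code), this wrapper refuses to repoint modSSL until all three Let's Encrypt files are present and non-empty, prints the commands by default so they can be reviewed, and keeps a delprop-based undo. The function names and the MODE variable are assumptions; "config" and "signal-event" are the SME Server commands quoted above.

```shell
#!/bin/sh
# Added example, not the wiki script. LIVE directory layout follows the
# setprop lines quoted in the thread: cert.pem, privkey.pem, fullchain.pem.

# Succeed only if every file the setprop lines reference is present and non-empty.
le_cert_files_ok() {
    dir="$1"
    for f in cert.pem privkey.pem fullchain.pem; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done
}

# Execute the command when MODE=run, otherwise just print it (dry run).
# Printing first lets you review what would hit the configuration database.
run_or_print() {
    if [ "${MODE:-dry}" = run ]; then "$@"; else echo "$*"; fi
}

# Point modSSL at the live directory ($1), then raise the events from the thread.
# Stops before touching anything if the certificate files are not all there.
apply_le_cert() {
    dir="$1"
    le_cert_files_ok "$dir" || return 1
    run_or_print config setprop modSSL crt "$dir/cert.pem" &&
    run_or_print config setprop modSSL key "$dir/privkey.pem" &&
    run_or_print config setprop modSSL CertificateChainFile "$dir/fullchain.pem" &&
    run_or_print signal-event domain-modify &&
    run_or_print signal-event email-update
}

# Undo: drop the three properties (the "config delprop" route mentioned above)
# so the templates fall back to their default certificate settings, then
# re-raise the same events so httpd and the mail services pick the change up.
revert_le_cert() {
    for prop in crt key CertificateChainFile; do
        run_or_print config delprop modSSL "$prop" || return 1
    done
    run_or_print signal-event domain-modify &&
    run_or_print signal-event email-update
}
```

Run as `MODE=run apply_le_cert /etc/letsencrypt/live/<your-domain>` once the dry-run output looks right; without MODE=run nothing is changed.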

adamcyberspace
Re: Thoughts on letsencrypt.com?
« Reply #57 on: December 09, 2015, 12:07:11 PM »
I did continue with the error.. Now I know what went wrong..
Thank you very much..
I will try again soon.

flep
Re: Thoughts on letsencrypt.com?
« Reply #58 on: December 09, 2015, 07:50:09 PM »
Quote from: adamcyberspace (Reply #52)
Any thoughts on why my web server no longer works at all??

Both ports 80 and 433 must be opened or forwarded; if you use a virtual machine or proxy, please check the config.

guest22

Re: Thoughts on letsencrypt.com?
« Reply #59 on: December 09, 2015, 07:52:36 PM »
Maybe we need to add to the wiki page that server-gateway mode is the only supported mode? We need to add something about this, for there are many exotic port-forwarded masquerading setups out there.

Thoughts?