Topic: Thoughts on letsencrypt.com?

[DanB35]

Noted, and certainly once they release an RPM into EPEL that will be a better way to go.

When I try running the letsencrypt client with Python 2.6, it dies due to the lack of virtualenv.

Edit: If I add and enable the EPEL repo (set status enabled, signal-event yum-modify), the letsencrypt client runs and gets a certificate.

[KevinG]

The instruction to run it was in about post 20 or so.

from memory

pip install virtualenv

[DanB35]

...but that didn't make it into the wiki, and it isn't needed if we're running under Python 2.7.  The Letsencrypt client docs say that CentOS 6 users need to have the EPEL repository enabled, but that doesn't seem to be the case either if we're using Python 2.7.  But if using Python 2.6, it apparently is necessary either to manually install virtualenv (pip install virtualenv) or have the EPEL repo configured and enabled.

[adamcyberspace]

Should I upgrade to SME9.1 before or after upgrading?
Thanks

[DanB35]

As far as I can tell, it doesn't make a difference.

[KevinG]

I needed pip install virtualenv when I used the altinstall, but the need went away using the scl python27

[Stefano]

letsencrypt now claims to support python 2.6, so those steps are now an unnecessary complication.

yes, sure, but searching with google about running it on a Centos 6.X leads me to say that no, it doesn't work..
the scl path works fine
once RH will release their rpm via the epel repo, we'd think about a contrib

[Stefano]

Note also that Red Hat/EPEL have started work on integration:

https://bugzilla.redhat.com/show_bug.cgi?id=1288744

I linked this bug in our BZ (see #8676)

[DanB35]

@adamcyberspace,

There's some discussion on the letsencrypt forum about DNS problems; it might be relevant to your issue.  https://community.letsencrypt.org/t/dns-query-timed-out/5353/23

[CharlieBrady]

There's a simpler client here:

https://github.com/kuba/simp_le

[DanB35]

There are actually quite a lot of client implementations available:
https://community.letsencrypt.org/t/list-of-client-implementations/2103

They have different dependencies (one is even a bash script), and it looks like there are implementations in Perl, Bash, Ruby, PHP, Python, Java, pretty much anything interesting.

There's also https://gethttpsforfree.com/ for those who don't want to install anything on their servers.  Renewal can't really be automated that way though.  A somewhat prettier web-based system is at https://letsgetssl.com/.

[adamcyberspace]

my install worked fine for 2 X domains but could not get the www.livingnatural.com.au domain to work.
Not a huge deal at this point in time, but strange that the other domains worked and this did not.. the DNS is with a different provider and may be configured differently.. apart from that I cannot think what the issue might be.

[DanB35]

@adam

Someone on the letsencrypt.org thread mentioned he's also having trouble with a host with DNS records at netregistry.net.  There's an open issue (https://github.com/letsencrypt/letsencrypt/issues/1610), and the issue with netregistry is noted there as well, but I don't see any more information about what's going on or the cause.

Best advice I have is to follow the letsencrypt forums and the bug on github.

[Jáder]

And for Python 2.7 this can help:
https://community.letsencrypt.org/t/redhat-centos-6-x-users-need-python-2-7/2190

(crossposted from BugZilla = 8676 http://bugs.contribs.org/show_bug.cgi?id=8676 )

[guest22]

And for Python 2.7 this can help:
https://community.letsencrypt.org/t/redhat-centos-6-x-users-need-python-2-7/2190

(crossposted from BugZilla = 8676 http://bugs.contribs.org/show_bug.cgi?id=8676 )

Please let's not clutter this thread with SCL vs IUS. You can open a new thread for that purpose.