Koozali.org: home of the SME Server

Thoughts on letsencrypt.com?

DanB35
Re: Thoughts on letsencrypt.com?
« Reply #180 on: June 27, 2016, 12:32:58 PM »
I updated to smeserver-letsencrypt yesterday to 0.2-6, and it's behaving in a way that's (1) odd, and (2) inconsistent with the documentation at https://github.com/reetp/smeserver-letsencrypt/tree/smeserver-letsencrypt-0.2.

The github page says there's a property called letsencryptConfig that defaults to none and controls which hostnames will be on a certificate.  My install has created a property called configure and set it to all (which I didn't manually do), resulting in the system trying to obtain a cert for every known hostname.  Setting that property to none and re-expanding domains.txt has given the desired result.

ReetP
« Reply #181 on: June 27, 2016, 12:37:04 PM »
> I updated to smeserver-letsencrypt yesterday to 0.2-6, and it's behaving in a way that's (1) odd, and (2) inconsistent with the documentation at https://github.com/reetp/smeserver-letsencrypt/tree/smeserver-letsencrypt-0.2.
>
> The github page says there's a property called letsencryptConfig that defaults to none and controls which hostnames will be on a certificate.  My install has created a property called configure and set it to all (which I didn't manually do), resulting in the system trying to obtain a cert for every known hostname.  Setting that property to none and re-expanding domains.txt has given the desired result.

Dan - sorry - I'll check that and get it fixed pronto.
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

ReetP
« Reply #182 on: June 27, 2016, 12:42:30 PM »
It's my awful documentation.

config setprop letsencrypt configure none | all | domains | hosts

I use a variable in the scripts called $letsencryptConfig and got in a muddle somewhere.

DanB35
« Reply #183 on: June 27, 2016, 12:48:11 PM »
There's also the matter of the default.  It seems it was set in the post-install script to all, which really doesn't seem like a sensible default at all, whatever the property is called.

ReetP
« Reply #184 on: June 27, 2016, 02:34:54 PM »
> There's also the matter of the default.  It seems it was set in the post-install script to all, which really doesn't seem like a sensible default at all, whatever the property is called.

Damn - can you just check the db/default file ? Definitely 'all' ?

I have it here as none but perhaps I changed it and never built an updated RPM.

Let me know and I'll get an update smashed out PDQ

ReetP
« Reply #185 on: June 27, 2016, 02:52:45 PM »
v0.2-7 in my repo

DanB35
« Reply #186 on: June 27, 2016, 11:58:49 PM »
> Damn - can you just check the db/default file ? Definitely 'all' ?
Sorry, where is the db/default file?  The "configure" property was set to "all", and I don't believe I did that manually.

ReetP
« Reply #187 on: June 28, 2016, 12:12:45 AM »
> Sorry, where is the db/default file?  The "configure" property was set to "all", and I don't believe I did that manually.

/etc/e-smith/db/configuration/defaults/letsencrypt

As per my post above I made a mistake in the docs which I have corrected.

I think the version you had may also have had the configure (the correct property name) property set to 'all' rather than 'none'.

The new RPM should set the correct DB key value of none and to use the key do:

Code:
config setprop letsencrypt configure none | all | domains | hosts (use one value)
Let me know if anything seems amiss.

DanB35
« Reply #188 on: June 28, 2016, 12:16:31 AM »
> /etc/e-smith/db/configuration/defaults/letsencrypt
Strange--I looked there, and "configure" contained "none".  I've now manually changed that property to "none", and domains.txt looks like it should, but I wonder what set it to "all".

I'll install the update.

ReetP
« Reply #189 on: June 28, 2016, 12:23:25 AM »
I think I did the first version of this and set it to all in testing and that got left in. You have got it at some point I guess.

Please keep me posted, though bed time for me now.

ReetP
« Reply #190 on: July 13, 2016, 04:29:51 PM »
Dan,

I just noticed this with certs per domain in their own directories et al.

https://github.com/lukas2511/letsencrypt.sh/pull/242

a) relevant ?
b) anything worth adding ?

I'll have to pull in the script at some stage and this does not seem to actually affect anything - just gives more functionality

Let me know your thoughts.

B. Rgds
John

DanB35
« Reply #191 on: July 14, 2016, 12:12:01 AM »
From what I can tell, that change isn't going to make a big difference.  It allows specifying a directory which can contain per-domain configuration files, but it doesn't appear to require that.  It seems to me that in our application, implementing this would be an unnecessary complication.

ReetP
« Reply #192 on: July 14, 2016, 12:41:31 AM »
Does me !!

Thanks

ldkeen
« Reply #193 on: July 21, 2016, 04:27:25 AM »
Hi John,
Installing the latest rpm I get this error message:

Code:
Running Transaction
  Installing : letsencrypt.sh-0.0.9.160523.gitd5b2858-1.noarch              1/2
  Installing : smeserver-letsencrypt-0.2-7.noarch                           2/2
/var/tmp/rpm-tmp.lmNfdo: line 5: syntax error in conditional expression: unexpected token `;'
/var/tmp/rpm-tmp.lmNfdo: line 5: syntax error near `;'
/var/tmp/rpm-tmp.lmNfdo: line 5: `if [[ -f /etc/letsencrypt.sh/config.sh]];'
warning: %post(smeserver-letsencrypt-0.2-7.noarch) scriptlet failed, exit status 2
Non-fatal POSTIN scriptlet failure in rpm package smeserver-letsencrypt-0.2-7.noarch
Migrating existing database yum_repositories

Everything seems to work OK though?
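
Added example (not part of the original post or the smeserver-letsencrypt package): the failing line in the output above is missing the space before `]]`, so bash reads `config.sh]]` as one word and stops at the `;`. The sketch below parse-checks a scriptlet body with `bash -n` before packaging; `check_scriptlet` is a hypothetical helper, and only the `if` line comes from the error output, the rest of each sample body is constructed.

```shell
# Parse-check a scriptlet body with `bash -n` (syntax check only, nothing is executed).
# check_scriptlet is a hypothetical helper; it returns bash's exit status.
check_scriptlet() {
    tmp=$(mktemp) || return 2
    printf '%s\n' "$1" > "$tmp"
    bash -n "$tmp" 2>/dev/null
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample: the `if` line is the one quoted in the rpm error output;
# the body is a placeholder, not the package's real cleanup code.
broken='if [[ -f /etc/letsencrypt.sh/config.sh]];
then
    echo "old config present"
fi'

# Same sample with the space restored before the closing ]].
fixed='if [[ -f /etc/letsencrypt.sh/config.sh ]];
then
    echo "old config present"
fi'

if check_scriptlet "$broken"; then
    echo "broken: parses"
else
    echo "broken: syntax error"
fi

if check_scriptlet "$fixed"; then
    echo "fixed: parses"
else
    echo "fixed: syntax error"
fi
```

On a built package, `rpm -qp --qf '%{POSTIN}' <package>.rpm` prints the %post body, which can be passed to the same check.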

ReetP
« Reply #194 on: July 21, 2016, 07:26:03 AM »
Hi sorry but I realised there were some bash errors in the postinstall script in this version.

The scripts just try and clean out old config files.... as the system creates clean ones it shouldn't be an issue on an update. It may affect a new install by not creating the acme directory.

I think I built a new fixed rpm last week but following a panic at work I forgot to add it to the repo. I'll try and take a look later today (I'm travelling & stuff so as time allows)

B. Rgds
John