Topic: Multiple SSL certificates

[countzero]

https://letsencrypt.org/ seems to have major sponsors backing the initiative.  Probably safe enough to start using for business critical web hosting.  GIT 'interfacing' script will guarantee upwards compatibility and cron will make it a fire and forget solution - nice!  Complexity is a bit of a concern, but then again SSL is obscure subject matter all by itself no matter how you look at it.

Thanks everyone - this made my day!

Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.

[ReetP]

https://letsencrypt.org/ seems to have major sponsors backing the initiative.  Probably safe enough to start using for business critical web hosting.  GIT 'interfacing' script will guarantee upwards compatibility and cron will make it a fire and forget solution - nice!  Complexity is a bit of a concern, but then again SSL is obscure subject matter all by itself no matter how you look at it.

Yup - for general solutions it is wroth a whirl.

Thanks everyone - this made my day!

We try

Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live.

Hahahahahahaha...... Seems I need to run and hide

[countzero]

https://wiki.contribs.org/Letsencrypt works beautifully.  5 minutes is all it took.  I now have multi-domain SSL certs active on Koozali / SME server 9.x.   I cried a little.

Thanks everyone; michelandre: Fait: Aucun mot dans la langue anglaise rime avec mois , orange , argent ou violet. Fait: " Rêvé " est le seul mot anglais qui se termine par les lettres " mt "

[Stefano]

Feedback:
Change /etc/letsencrypt.sh/ to /etc/letsencrypt/.  No folder should have the ".sh" suffix".  Also mention "letsencrypt.sh -c -x" somewhere, just in case you want to have a closer look at the beautiful output of the initial "letsencrypt.sh -c" command.  It all happened so fast.  This might be a good spot for it - in the Troubleshooting section, add an extra line to the text already present:
config delprop modSSL crt
config delprop modSSL key
config delprop modSSL CertificateChainFile

if you think contrib needs some changes, please open a bug
if you think documentation should be amended, please request a wiki access

thank you

[ReetP]

https://wiki.contribs.org/Letsencrypt works beautifully.  5 minutes is all it took.  I now have multi-domain SSL certs active on Koozali / SME server 9.x.   I cried a little.

LOL..... Good that it all works for you

Feedback:
Change /etc/letsencrypt.sh/ to /etc/letsencrypt/.  No folder should have the ".sh" suffix". 

The folder choice was not ours. It's the default and I am not about to change it in the rpm - KISS.

Also mention "letsencrypt.sh -c -x" somewhere, just in case you want to have a closer look at the beautiful output of the initial "letsencrypt.sh -c" command.  It all happened so fast.  This might be a good spot for it - in the Troubleshooting section, add an extra line to the text already present:
config delprop modSSL crt
config delprop modSSL key
config delprop modSSL CertificateChainFile
Now simply run the following command to force a renew (and update modSSL): "letsencrypt -c -x"

If you read the whole page (always worth doing regardless) you will note that with the RPM it does mention creating the test certificates:

Create test certificates (file is in the path so should be OK)

letsencrypt.sh -c -x

Thanks everyone; michelandre: Fait: Aucun mot dans la langue anglaise rime avec mois , orange , argent ou violet. Fait: " Rêvé " est le seul mot anglais qui se termine par les lettres " mt "

Fact - the lunatics have now taken over the asylum in the UK

[ReetP]

if you think contrib needs some changes, please open a bug

Unfortunately as the RPM is not in contribs you cannot open a bug against it....

I try to watch here as best I can but may miss something.

[countzero]

If you read the whole page...

It all worked before I got even halfway down the page.  I edited my post to remove some of the clutter but you guys are too fast.

May the forces of evil become confused on the way to your house.

[ReetP]

It all worked before I got even halfway down the page.

Always worth reading the whole page first

I edited my post to remove some of the clutter but you guys are too fast.

Only if I am awake and have nothing better to do with my time !!!!

[DanB35]

To give a little background on the directory name: When Let's Encrypt went public about six months ago, that was the name of both the service and the client software.  The client software saved its configuration, certificates, etc, in /etc/letsencrypt.  The client has since been renamed to certbot; I'm not sure if the directory in /etc is still the same or not.

letsencrypt.sh is one of many alternate clients that's implemented as a bash script.  Naming it such makes perfect sense, with the ".sh" distinguishing it from the original client and describing that it's a shell script.  It needs to store data in /etc as well, and shouldn't conflict with /etc/letsencrypt, so /etc/letsencrypt.sh was used.  I agree that a directory name with a .sh extension is unusual, but I think in this case it's needed.

[michelandre]

Hi DanB35,

When I installed in 2016-06-26 the directory was still /etc/letsencrypt.sh.

But soon, everything will change:
(May 12, 2016) Announcing Certbot: EFF's Client for Let's Encrypt -- https://www.eff.org/fr/deeplinks/2016/05/announcing-certbot-new-tls-robot

... Certbot is the next iteration of the Let's Encrypt Client...
... Along with the rename, we've also launched a brand new website for Certbot...
... but by far the biggest feature of the website is an interactive instruction tool...

https://github.com/certbot/certbot

...Certbot, previously the Let's Encrypt Client, is EFF's tool to obtain certs from Let's Encrypt...
... You can also tell it exactly what you want it to do from the command line...

All of our documentations will be absolete. 

We just wait and Let's see what will happen, 

Michel-André

[DanB35]

The only part of our documentation that would be obsolete is what I removed over the weekend; letsencrypt.sh hasn't changed. I can't speak for what its developer might do in the future wrt directory names, of course.

[Stefano]

Unfortunately as the RPM is not in contribs you cannot open a bug against it....

time to upload your code, isn't it?

[ReetP]

time to upload your code, isn't it?

Not my choice.... and I can't really do it.... well, I can as I have access, but no idea how to

I also believe JPP is going to work on a proper implementation over the next few months so it may be better to hang on for that - mine was only ever a temporary hack !

[Stefano]

mmhh..

open a NFR and attach your srpm file, it'd be enough

[ReetP]

There's been a NFR for letsencrypt for a long time..... SRPM are on my repo....