Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: ElFroggio on October 02, 2016, 09:28:18 PM

Title: letsencrypt
Post by: ElFroggio on October 02, 2016, 09:28:18 PM

SME 9.1.

I'm currently using the SSL certificates management contrib with a rapidssl certificate which is due to expire early next year. I'm looking at let's encrypt https://wiki.contribs.org/Letsencrypt (https://wiki.contribs.org/Letsencrypt). I don't understand the "John Crisp contrib".

• Is this instead of the 1st section with dehydrated?
• Do I need to uninstall my current SSL certificates management contrib?
• I'm thinking of rolling it out during the XMas/New Year break. If I have any problem at that time, how to I roll back to my still valid rapidssl certificates?

Thanks

Syv

Title: Re: letsencrypt
Post by: DanB35 on October 03, 2016, 01:01:49 AM

The John Crisp contrib is self-contained--if you follow those instructions, you won't need to do any of the other steps in the how-to.  And his contrib has been working very well for me for several months.

Title: Re: letsencrypt
Post by: ElFroggio on October 03, 2016, 01:36:23 AM

Quote from: DanB35 on October 03, 2016, 01:01:49 AM

The John Crisp contrib is self-contained--if you follow those instructions, you won't need to do any of the other steps in the how-to.  And his contrib has been working very well for me for several months.

Thanks, excellent to know.

But the page doesn't mention if I need to remove the existing SSL certificates?


Thanks

Syv

Title: Re: letsencrypt
Post by: DanB35 on October 03, 2016, 01:39:13 AM

No, you don't need to remove your existing certificates.  The contrib will reconfigure the SME server to use the Let's Encrypt cert once it obtains it.  At that point, you can remove the old cert, but you don't need to.

Title: Re: letsencrypt
Post by: ElFroggio on October 03, 2016, 04:27:13 PM

Thank you 8-)

Title: Re: letsencrypt
Post by: ReetP on October 04, 2016, 12:09:15 AM

Sorry I missed all this :-)

I hope it should update itself without issues but nothing in life is guaranteed !

Note the contrib remains with the same name... it just handles creating configs.

It should remove the letsencrypt.sh rpm and install the dehydrated rpm.

There may be residual dirs left e.g. /etc/letsencrpt.sh

If you have any issues you can always revert to the self signed certs by removing the modSSL keys and starting again. I think I mention this on the wiki page.

Please let me know if there are any issues. I can't guantee instant response but will get to it when I can.

B. Rgds
John