Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: compdoc on April 20, 2017, 06:45:06 PM
-
I once followed the instructions here to install Shad L. Lords mod for cacert. But now I want to use Let's Encrypt.
What steps should I take to remove it? Can I just delete the modSSL service from the config? Also delete the certificate files I created?
-
well.. some hints on what you did/howto you followed might help us to help you ;-)
-
https://wiki.contribs.org/Custom_CA_Certificate
-
https://forums.contribs.org/index.php/topic,52993.msg273843.html#msg273843
then use letsencrypt
-
Perfect. Thanks. I even seem to have it working, after lots of trial and error. :-)
-
Can you tell us more about the problems you had?
-
I installed the Dehydrated contrib, but found that it doesn't seem to set things up that are later mentioned in the wiki.
Examples:
There was no file /usr/local/bin/dehydrated-hook
There was no custom template fragment for Apache
To renew expired certs, there was no file /etc/cron.daily/call-dehydrated
Probably the most time was spent looking up commands to check my work, making the changes, and seeing what effect the changes had.
For instance, in the beginning, I could not figure out why my edits to /etc/dehydrated/domains.txt were being deleted or changed whenever I ran dehydrated.
Most useful commands to getting it working were:
config show letsencrypt
db hosts show
db domains show
config show modSSL (this one is in the wiki)
db accounts show
By the way, there is a command in the wiki that omits one thing...
The example command:
config setprop letsencrypt configure all | domains | hosts
Should probably read instead:
config setprop letsencrypt configure none | all | domains | hosts
Since 'none' is how it comes installed, and is what I finally used because only two hostnames were needed in the cert.
Anyway, it will be nice to have a new cert automatically installed each time, although I don't yet know if the cron job is working.
And its great to have a working cert for my site!
Thanks!
-
Never mind about /etc/cron.daily/call-dehydrated. There's a file named /etc/cron.daily/letsencript instead.
However, it differs slightly from the contents of /etc/cron.daily/call-dehydrated as written in the wiki.
-
I installed the Dehydrated contrib,
Which one? smeserver-letsencrypt from the reetp repo is the best-integrated option. If you just installed dehydrated from the smecontribs repo, you'll need to create all the other configuration and script files yourself as described on the wiki page.
-
I followed the page https://wiki.contribs.org/Letsencrypt
Good to know about reetp repo. I have another system I'm going to try this on, and might redo my own.
Thanks!
-
The wiki documents (at least) three different methods of installation. Which one did you use?
-
Which one? smeserver-letsencrypt from the reetp repo is the best-integrated option. If you just installed dehydrated from the smecontribs repo, you'll need to create all the other configuration and script files yourself as described on the wiki page.
# yum install smeserver-letsencrypt --enablerepo=smedev,smecontribs
==========================================================
Package Arch Version Repository Size
==========================================================
Installing:
smeserver-letsencrypt noarch 0.4-1 smedev 27 k
Installing for dependencies:
dehydrated noarch 0.4.0.20170205.git1163864-1.el6.sme smedev 25 k
Transaction Summary
==========================================================
Install 2 Package(s)
Total download size: 52 k
Installed size: 87 k
Is this ok [y/N]:
# yum install smeserver-letsencrypt --enablerepo=reetp
==========================================================
Package Arch Version Repository Size
==========================================================
Installing:
smeserver-letsencrypt noarch 0.4-1 reetp 27 k
Installing for dependencies:
dehydrated noarch 0.4.0.170206.git1163864-1 reetp 22 k
Transaction Summary
==========================================================
Install 2 Package(s)
Total download size: 49 k
Installed size: 90 k
Is this ok [y/N]:
they are the same, just need a few hands to verify the one in smedev is working as good...
-
Originally smeserver-letsencrypt was just in my repo but has now been added to smecontribs (or smetesting)
The dehydrated rpm JUST adds the dehydrated script but configures nothing.
smeserver-letsencrypt does the configuration for you, and depends on dehydrated, so best to install the smeserver-letsencrypt which will pull in dehydrated at the same time
The wiki may well need updating - I just haven't had the time to do anything recently but intend to try and get back up to speed in the next week or so, work allowing (as that is what put bread on my table and keeps a roof over my head!)
Once we have it properly sorted in smecontribs I'll remove the one from my repo.
B. Rgds
John
-
Once we have it properly sorted in smecontribs I'll remove the one from my repo.
It's in smedev now (as noted above by JPP); I've updated the wiki.
-
Once we have it properly sorted in smecontribs I'll remove the one from my repo.
It's in smedev now (as noted above by JPP); I've updated the wiki.
-
Thanks Dan. You are the real hero for getting it working originally!
JPP has built an updated version with some mods today.
https://bugs.contribs.org/show_bug.cgi?id=10253
-
You are the real hero for getting it working originally!
Hardly. You did all the code; I just told you what was wrong with it. It continues to work well for me, issuing certs for all kinds of servers on my LAN.