Want more timely Centmin Mod News Updates?
Become a Member

Letsencrypt Centmin Mod Letsencrypt Branch testing discussions

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jan 17, 2016.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,273
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,859
    Local Time:
    5:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    I'm just going to add additional 3rd party clients which we can switch between and play with them and see which is best. The shell based 3rd party le client is smaller footprint so don't run into <768MB memory limits as the official python based letsencrypt client.

     
  2. dorobo

    dorobo Active Member

    420
    104
    43
    Jun 6, 2014
    Ratings:
    +162
    Local Time:
    3:05 AM
    latest
    latest
    testing centminmod-123.09beta01le4 on Linode

    with

    LECLIENT_OFFICIAL='n'
    LECLIENT_LE='y'

    on custom_config.inc

    when adding a new vhost

    /usr/local/bin/le.sh not found
     

    Attached Files:

    • le.jpg
      le.jpg
      File size:
      114 KB
      Views:
      0
  3. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,273
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,859
    Local Time:
    5:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    update your 123.09beta01le4 install had a few fixes added today (feb 4th) Commits · centminmod/centminmod · GitHub :)

    after updating, exit and rerun centmin.sh once to update /usr/bin/nv command

    did you use centmin.sh menu option 2 or /usr/bin/nv for nginx vhost generation ?
     
  4. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,273
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,859
    Local Time:
    5:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  5. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,273
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,859
    Local Time:
    5:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  6. dorobo

    dorobo Active Member

    420
    104
    43
    Jun 6, 2014
    Ratings:
    +162
    Local Time:
    3:05 AM
    latest
    latest
    I tried the latest 123.09beta01le4 and there's no more error

    I chose menu item 2 and then added domain and self-signed certificate yes

    and it seems Letsencrypt SSL Certificate were installed but when I visit domain on https it says

    Certificate Error
    There are issues with the site's certificate chain (net::ERR_CERT_AUTHORITY_INVALID).
     

    Attached Files:

    • 1.jpg
      1.jpg
      File size:
      41.6 KB
      Views:
      0
    • 2.jpg
      2.jpg
      File size:
      29.2 KB
      Views:
      0
  7. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,273
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,859
    Local Time:
    5:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    there's /root/centminlogs nginx add vhost log, might want to post a copy to pastebin.com or gist.github.com so can see what's up
     
  8. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,273
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,859
    Local Time:
    5:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ah i have staging ACME API enabled by default for le.sh for testing so don't go up against public beta rate limits in centmin.sh centminmod/centmin.sh at 123.09beta01le4 · centminmod/centminmod · GitHub the variable LECLIENT_LESTAGE='y' enables ACME Staging API
    Code:
    # Letsencrypt Client Options
    LECLIENT_OFFICIAL='y'        # use official letsencrypt.org client
    LECLIENT_LE='n'              # use 3rd party shell client https://github.com/Neilpang/le
    LECLIENT_LEKEYLENGTH='2048'  # 3rd party sheel client default key length
    LECLIENT_LESTAGE='y'         # 3rd party shell client STAGING API
    LECLIENT_LEBIN='/root/.le/le.sh'
    to get free Letsencrypt trusted SSL certs with le.sh client set in /etc/centminmod/custom_config.inc
    Code:
    LECLIENT_LESTAGE='n'
     
    Last edited: Feb 4, 2016
  9. dorobo

    dorobo Active Member

    420
    104
    43
    Jun 6, 2014
    Ratings:
    +162
    Local Time:
    3:05 AM
    latest
    latest
    But I've only tested one domain.
     
  10. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,273
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,859
    Local Time:
    5:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    yeah i am testing many to make sure le.sh works :D
     
  11. dorobo

    dorobo Active Member

    420
    104
    43
    Jun 6, 2014
    Ratings:
    +162
    Local Time:
    3:05 AM
    latest
    latest
  12. ModeltogTossen

    ModeltogTossen I wish I could??

    313
    97
    28
    Dec 20, 2015
    Denmark
    Ratings:
    +143
    Local Time:
    9:05 PM
    1.9.12
    10.0.23
    I think your site need to have strict http (HSTS) before you can get the A+ now - anyone, correct me here if I'm wrong.
     
  13. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,273
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,859
    Local Time:
    5:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    HSTS is disabled by default. You need to enable it yourself once you understand the consequences. You can read enabling HSTS for SSL at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS but read the consequences of enabling HSTS
    basically if you enable HSTS your visitors will have a permanent entry in their browsers to only access your site over HTTPS for the next 3153600 seconds. So if you want to switch back from HTTPS to HTTP, your visitors won't be able to access your site for 3153600 seconds
     
  14. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,273
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,859
    Local Time:
    5:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  15. Shaiffulnizam Mohamad

    Shaiffulnizam Mohamad New Member

    29
    8
    3
    Jun 6, 2014
    Ratings:
    +9
    Local Time:
    3:05 AM
    1.7.0
    5.5
    Eva, I'm using 123.09beta01le4, I was trying to update my nginx to 1.9.12, but it seems that the upgrade fails, what should I do? or can I use the stable version to upgrade my nginx?
     
  16. rdan

    rdan Well-Known Member

    5,451
    1,412
    113
    May 25, 2014
    Ratings:
    +2,206
    Local Time:
    3:05 AM
    Mainline
    10.2
    Use 123.09beta01 branch.
     
  17. Shaiffulnizam Mohamad

    Shaiffulnizam Mohamad New Member

    29
    8
    3
    Jun 6, 2014
    Ratings:
    +9
    Local Time:
    3:05 AM
    1.7.0
    5.5
    Thanks, but beta 09 doesn't use letsencrypt right? because have try that just now.
     
    Last edited: Feb 28, 2016
  18. eva2000

    eva2000 Administrator Staff Member

    55,811
    12,273
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,859
    Local Time:
    5:05 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah 123.09beta01le4 is way behind on latest updates and compatibility fixes for nginx 1.9.11+ compared to 123.09beta01 right now. Unfortunately, don't have as much free time to bring 123.09beta01le4 up to speed. Focusing on 123.09beta01 and getting that to 123.09stable to replace aging 123.08stable :)

    no it doesn't, the goal is to get 123.09beta01 to 123.09stable as soon as possible (with testing by myself and feedback and testing by users themselves) and then move letsencrypt to the new dev branch I will create for work on next release after that.
     
  19. Shaiffulnizam Mohamad

    Shaiffulnizam Mohamad New Member

    29
    8
    3
    Jun 6, 2014
    Ratings:
    +9
    Local Time:
    3:05 AM
    1.7.0
    5.5
    So now I have it both, using beta 09 to upgrade my nginx, but using 09le4 when it comes to create nginx vhost with letsencrypt
     
  20. Shaiffulnizam Mohamad

    Shaiffulnizam Mohamad New Member

    29
    8
    3
    Jun 6, 2014
    Ratings:
    +9
    Local Time:
    3:05 AM
    1.7.0
    5.5
    Eva, is there any updates on letsencypt for cmm? perhaps as Add ons? :)
     
Thread Status:
Not open for further replies.