Letsencrypt Centmin Mod Letsencrypt Branch testing discussions

I'm just going to add additional 3rd party clients which we can switch between and play with them and see which is best. The shell based 3rd party le client is smaller footprint so don't run into <768MB memory limits as the official python based letsencrypt client.

 

update your 123.09beta01le4 install had a few fixes added today (feb 4th) Commits · centminmod/centminmod · GitHub

after updating, exit and rerun centmin.sh once to update /usr/bin/nv command

did you use centmin.sh menu option 2 or /usr/bin/nv for nginx vhost generation ?

 

oh that was even earlier fix at update path to le.sh · centminmod/[email protected] · GitHub

edit: hmm maybe not le.sh is constantly being updated Commits · Neilpang/le · GitHub so could change the way it operates !

 

okay updated 123.09beta01le4 with new path to le.sh update path to le.sh · centminmod/[email protected] · GitHub

 

there's /root/centminlogs nginx add vhost log, might want to post a copy to pastebin.com or gist.github.com so can see what's up

 

Ah i have staging ACME API enabled by default for le.sh for testing so don't go up against public beta rate limits in centmin.sh centminmod/centmin.sh at 123.09beta01le4 · centminmod/centminmod · GitHub the variable LECLIENT_LESTAGE='y' enables ACME Staging API

Code:

# Letsencrypt Client Options
LECLIENT_OFFICIAL='y'        # use official letsencrypt.org client
LECLIENT_LE='n'              # use 3rd party shell client https://github.com/Neilpang/le
LECLIENT_LEKEYLENGTH='2048'  # 3rd party sheel client default key length
LECLIENT_LESTAGE='y'         # 3rd party shell client STAGING API
LECLIENT_LEBIN='/root/.le/le.sh'

to get free Letsencrypt trusted SSL certs with le.sh client set in /etc/centminmod/custom_config.inc

Code:

LECLIENT_LESTAGE='n'

 

yeah i am testing many to make sure le.sh works

 

HSTS is disabled by default. You need to enable it yourself once you understand the consequences. You can read enabling HSTS for SSL at Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS but read the consequences of enabling HSTS

basically if you enable HSTS your visitors will have a permanent entry in their browsers to only access your site over HTTPS for the next 3153600 seconds. So if you want to switch back from HTTPS to HTTP, your visitors won't be able to access your site for 3153600 seconds

 

new changes coming to official letsencrypt python client 0.4.0 ANNOUNCEMENT: Transition to the new letsencrypt-auto script - Client - Let's Encrypt Community Support

 

Yeah 123.09beta01le4 is way behind on latest updates and compatibility fixes for nginx 1.9.11+ compared to 123.09beta01 right now. Unfortunately, don't have as much free time to bring 123.09beta01le4 up to speed. Focusing on 123.09beta01 and getting that to 123.09stable to replace aging 123.08stable

no it doesn't, the goal is to get 123.09beta01 to 123.09stable as soon as possible (with testing by myself and feedback and testing by users themselves) and then move letsencrypt to the new dev branch I will create for work on next release after that.