Welcome to Centmin Mod Community
Register Now

Letsencrypt Centmin Mod Letsencrypt Branch testing discussions

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jan 17, 2016.

Thread Status:
Not open for further replies.
  1. eva2000

    eva2000 Administrator Staff Member

    42,384
    9,571
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,751
    Local Time:
    11:02 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    alphas are broken 123.09beta01le* branches no longer worked on some so yes would be broken

    As to ETA, not right now most likely public testing of acmetool.sh addon will happen once i nail down the features I want to add including support for nginx 1.11 dual ECDSA+RSA certifcate issuance and install and test the auto renewal process etc. Dual certs is not officially supported in acme.sh tool which acmetool.sh uses - you can follow issue tracker at acme.sh distinguish ECC key based certificates from RSA certificates · Issue #74 · Neilpang/acme.sh · GitHub. So need to wait for acme.sh to add support then I need to integrate it into acmetool.sh and test it :)
    Letsencrypt SSL certificates don't support company name etc as they're domain validated not EV SSL certificates.
    That will be optionally supported in acmetool.sh with flags d and lived outlined at Letsencrypt - Welcome to acmetool.sh - new letsencrypt addon for Centmin Mod LEMP stacks | Centmin Mod Community but not by default as some folks need to properly test HTTPS separate from their live HTTP sites.
     
    Last edited: Jun 22, 2016
    • Like Like x 2
    • Dislike Dislike x 1
  2. Colin

    Colin Active Member

    144
    43
    28
    Oct 7, 2015
    Sheffield UK
    Ratings:
    +109
    Local Time:
    1:02 PM
    1.13.#
    MariaDB 10.1.#
    Looking forward to this. Just ran through manually with acme.sh entertaining to overcome nginx 403 .dot perms, cert issue, install and cron renewals.

    Looking forward to 'magic' that saves me remembering what I've already begun to forget.

    Am I vaguely right in thinking, an issued cert say to /root/acme.sh/domain/domain.cer etc

    ...will be installed to the centmin paths because I issued the subsequent --installcert with all the --certpath, --capath --keypath --reloadCmd --fullchainpath settings for my domain... I know I'll find out in a few days. Calendar entry set to check and test ;)
     
  3. eva2000

    eva2000 Administrator Staff Member

    42,384
    9,571
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,751
    Local Time:
    11:02 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yup --installcert copies the ssl certificate files saved by acme.sh to the /usr/local/nginx/conf/ssl/domain.com paths set and configured by acmetool.sh or where ever you specify on --installcert command line
     
  4. Colin

    Colin Active Member

    144
    43
    28
    Oct 7, 2015
    Sheffield UK
    Ratings:
    +109
    Local Time:
    1:02 PM
    1.13.#
    MariaDB 10.1.#
    I certainly saw that occur. What I perhaps wasn't the clearest on is... if in +n days the new certs saved to .acme.sh/domain... will be copied over too, without intervention. I trust the cron job to regenerate, it's done that on another box. But on that one I point the litespeed instance ( dropping for this ) to use the same .acme location.

    Nothing tested nothing lost.
     
  5. eva2000

    eva2000 Administrator Staff Member

    42,384
    9,571
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,751
    Local Time:
    11:02 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yes acme.sh saves the --installcert path into a config file so acme.sh cron renewal knows where to install the cert AFAIK
     
    • Winner Winner x 1
  6. eva2000

    eva2000 Administrator Staff Member

    42,384
    9,571
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,751
    Local Time:
    11:02 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  7. pamamolf

    pamamolf Premium Member Premium Member

    3,584
    345
    83
    May 31, 2014
    Ratings:
    +667
    Local Time:
    3:02 PM
    Nginx-1.17.x
    MariaDB 10.3.x
    Great :)

    I thought next was netdata :)
     
  8. jscott

    jscott Member

    104
    14
    18
    Aug 13, 2015
    Ratings:
    +33
    Local Time:
    8:02 AM
  9. eva2000

    eva2000 Administrator Staff Member

    42,384
    9,571
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,751
    Local Time:
    11:02 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yes there's custom webroot issue command options in cmd line and menu version if you see Letsencrypt - Official acmetool.sh testing thread for Centmin Mod 123.09beta01 | Centmin Mod Community

    Code (Text):
    --------------------------------------------------------
            SSL Issue Management             
    --------------------------------------------------------
    1).  Issue SSL Cert Staging/Test
    2).  Issue SSL Cert Staging/Test HTTPS Default
    3).  Issue SSL Cert Live
    4).  Issue SSL Cert Live HTTPS Default
    5).  Custom Webroot Issue SSL Cert Staging/Test
    6).  Custom Webroot Issue SSL Cert Staging/Test HTTPS Default
    7).  Custom Webroot Issue SSL Cert Live
    8).  Custom Webroot Issue SSL Cert Live HTTPS Default
    9).  S3 Issue SSL Cert
    10). S3 Issue SSL Cert
    11). S3 Issue SSL Cert
    12). S3 Issue SSL Cert
    13). Exit
    --------------------------------------------------------
    Enter option [ 1 - 13 ]
    --------------------------------------------------------


    Code (Text):
    ./acmetool.sh {acme-menu|acmeinstall|acmeupdate|acmesetup|issue|reissue|renew|s3issue|s3reissue|s3renew|renewall|checkdates}
    
    Usage Commands:
    ./acmetool.sh acme-menu
    ./acmetool.sh acmeinstall
    ./acmetool.sh acmeupdate
    ./acmetool.sh acmesetup
    ./acmetool.sh issue domainname
    ./acmetool.sh issue domainname d
    ./acmetool.sh issue domainname live
    ./acmetool.sh issue domainname lived
    ./acmetool.sh reissue domainname
    ./acmetool.sh reissue domainname d
    ./acmetool.sh reissue domainname live
    ./acmetool.sh reissue domainname lived
    ./acmetool.sh renew domainname
    ./acmetool.sh renew domainname d
    ./acmetool.sh renew domainname live
    ./acmetool.sh renew domainname lived
    ./acmetool.sh webroot-issue domainname /path/to/custom/webroot
    ./acmetool.sh webroot-issue domainname /path/to/custom/webroot d
    ./acmetool.sh webroot-issue domainname /path/to/custom/webroot live
    ./acmetool.sh webroot-issue domainname /path/to/custom/webroot lived
    ./acmetool.sh webroot-reissue domainname /path/to/custom/webroot
    ./acmetool.sh webroot-reissue domainname /path/to/custom/webroot d
    ./acmetool.sh webroot-reissue domainname /path/to/custom/webroot live
    ./acmetool.sh webroot-reissue domainname /path/to/custom/webroot lived
    ./acmetool.sh webroot-renew domainname /path/to/custom/webroot
    ./acmetool.sh webroot-renew domainname /path/to/custom/webroot d
    ./acmetool.sh webroot-renew domainname /path/to/custom/webroot live
    ./acmetool.sh webroot-renew domainname /path/to/custom/webroot lived
    ./acmetool.sh s3issue domainname
    ./acmetool.sh s3issue domainname d
    ./acmetool.sh s3issue domainname live
    ./acmetool.sh s3issue domainname lived
    ./acmetool.sh s3reissue domainname
    ./acmetool.sh s3reissue domainname d
    ./acmetool.sh s3reissue domainname live
    ./acmetool.sh s3reissue domainname lived
    ./acmetool.sh s3renew domainname
    ./acmetool.sh s3renew domainname d
    ./acmetool.sh s3renew domainname live
    ./acmetool.sh s3renew domainname lived
    ./acmetool.sh renewall
    ./acmetool.sh renewall live
    ./acmetool.sh renewall lived
    ./acmetool.sh checkdates
     
  10. jscott

    jscott Member

    104
    14
    18
    Aug 13, 2015
    Ratings:
    +33
    Local Time:
    8:02 AM
    Ah! Great! I skimmed over the screenshots too quickly and did not see that! :(

    Just let us know when we can start testing!!!

    -John
     
    • Like Like x 1
  11. eva2000

    eva2000 Administrator Staff Member

    42,384
    9,571
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,751
    Local Time:
    11:02 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    • Like Like x 2
  12. eva2000

    eva2000 Administrator Staff Member

    42,384
    9,571
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,751
    Local Time:
    11:02 PM
    Nginx 1.17.x
    MariaDB 5.5/10.x
Thread Status:
Not open for further replies.