Letsencrypt Centmin Mod Letsencrypt Branch testing discussions

eva2000 · Jun 22, 2016

Kyvaith said: ↑

eva, sorry for asking about this, but is there any ETA for public beta od centmin mod with Let's encrypt integration? I've tested 'alpha' branch, and LS works well for creating new vhost, but not for WordPress option.
Click to expand...

alphas are broken 123.09beta01le* branches no longer worked on some so yes would be broken

As to ETA, not right now most likely public testing of acmetool.sh addon will happen once i nail down the features I want to add including support for nginx 1.11 dual ECDSA+RSA certifcate issuance and install and test the auto renewal process etc. Dual certs is not officially supported in acme.sh tool which acmetool.sh uses - you can follow issue tracker at acme.sh distinguish ECC key based certificates from RSA certificates · Issue #74 · Neilpang/acme.sh · GitHub. So need to wait for acme.sh to add support then I need to integrate it into acmetool.sh and test it

Kyvaith said: ↑

Also, you should allow to put user own information needed for generating certificate (like company name). This should be stored somewhere in need for auto regenerate certs after 60 days.
Click to expand...

Letsencrypt SSL certificates don't support company name etc as they're domain validated not EV SSL certificates.

Kyvaith said: ↑

The last thing is, when valid certificate has been generated, NGINX should redirect all traffic from HTTP to HTTPS.
Click to expand...

That will be optionally supported in acmetool.sh with flags d and lived outlined at Letsencrypt - Welcome to acmetool.sh - new letsencrypt addon for Centmin Mod LEMP stacks | Centmin Mod Community but not by default as some folks need to properly test HTTPS separate from their live HTTP sites.

eva2000 said: ↑

Added a new flag to addons/acmetool.sh to be able to utilise /usr/bin/nv new HTTPS only + HTTP to HTTPS 302 redirect nginx vhost creation via new d and lived flags for test cert + HTTPS only and live cert + HTTPS only respectively
Click to expand...

Colin · Jul 7, 2016

Looking forward to this. Just ran through manually with acme.sh entertaining to overcome nginx 403 .dot perms, cert issue, install and cron renewals.

Looking forward to 'magic' that saves me remembering what I've already begun to forget.

Am I vaguely right in thinking, an issued cert say to /root/acme.sh/domain/domain.cer etc

...will be installed to the centmin paths because I issued the subsequent --installcert with all the --certpath, --capath --keypath --reloadCmd --fullchainpath settings for my domain... I know I'll find out in a few days. Calendar entry set to check and test

eva2000 · Jul 8, 2016

Colin said: ↑

Am I vaguely right in thinking, an issued cert say to /root/acme.sh/domain/domain.cer etc

...will be installed to the centmin paths because I issued the subsequent --installcert with all the --certpath, --capath --keypath --reloadCmd --fullchainpath settings for my domain..
Click to expand...

yup --installcert copies the ssl certificate files saved by acme.sh to the /usr/local/nginx/conf/ssl/domain.com paths set and configured by acmetool.sh or where ever you specify on --installcert command line

Colin · Jul 8, 2016

I certainly saw that occur. What I perhaps wasn't the clearest on is... if in +n days the new certs saved to .acme.sh/domain... will be copied over too, without intervention. I trust the cron job to regenerate, it's done that on another box. But on that one I point the litespeed instance ( dropping for this ) to use the same .acme location.

Nothing tested nothing lost.

eva2000 · Jul 8, 2016

Colin said: ↑

What I perhaps wasn't the clearest on is... if in +n days the new certs saved to .acme.sh/domain... will be copied over too, without intervention
Click to expand...

yes acme.sh saves the --installcert path into a config file so acme.sh cron renewal knows where to install the cert AFAIK

eva2000 · Aug 11, 2016

FYI folks watching and subscribed to this thread, get ready and prep for addons/acmetool.sh testing soon Letsencrypt - Official acmetool.sh testing thread for Centmin Mod 123.09beta01 | Centmin Mod Community

pamamolf · Aug 11, 2016

Great

I thought next was netdata

jscott · Aug 12, 2016

I am all set up for testing.... Just one question..

Will this test version be able to deal with modified web roots?

This is in reference to post Letsencrypt - Centmin Mod Letsencrypt Branch testing discussions | Page 3 | Centmin Mod Community

Or is there some sort of temp workaround? I am wondering if I could use
a symbolic link as a workaround...

-John

eva2000 · Aug 12, 2016

yes there's custom webroot issue command options in cmd line and menu version if you see Letsencrypt - Official acmetool.sh testing thread for Centmin Mod 123.09beta01 | Centmin Mod Community

Code (Text):

--------------------------------------------------------
        SSL Issue Management             
--------------------------------------------------------
1).  Issue SSL Cert Staging/Test
2).  Issue SSL Cert Staging/Test HTTPS Default
3).  Issue SSL Cert Live
4).  Issue SSL Cert Live HTTPS Default
5).  Custom Webroot Issue SSL Cert Staging/Test
6).  Custom Webroot Issue SSL Cert Staging/Test HTTPS Default
7).  Custom Webroot Issue SSL Cert Live
8).  Custom Webroot Issue SSL Cert Live HTTPS Default
9).  S3 Issue SSL Cert
10). S3 Issue SSL Cert
11). S3 Issue SSL Cert
12). S3 Issue SSL Cert
13). Exit
--------------------------------------------------------
Enter option [ 1 - 13 ]
--------------------------------------------------------

Code (Text):

./acmetool.sh {acme-menu|acmeinstall|acmeupdate|acmesetup|issue|reissue|renew|s3issue|s3reissue|s3renew|renewall|checkdates}

Usage Commands:
./acmetool.sh acme-menu
./acmetool.sh acmeinstall
./acmetool.sh acmeupdate
./acmetool.sh acmesetup
./acmetool.sh issue domainname
./acmetool.sh issue domainname d
./acmetool.sh issue domainname live
./acmetool.sh issue domainname lived
./acmetool.sh reissue domainname
./acmetool.sh reissue domainname d
./acmetool.sh reissue domainname live
./acmetool.sh reissue domainname lived
./acmetool.sh renew domainname
./acmetool.sh renew domainname d
./acmetool.sh renew domainname live
./acmetool.sh renew domainname lived
./acmetool.sh webroot-issue domainname /path/to/custom/webroot
./acmetool.sh webroot-issue domainname /path/to/custom/webroot d
./acmetool.sh webroot-issue domainname /path/to/custom/webroot live
./acmetool.sh webroot-issue domainname /path/to/custom/webroot lived
./acmetool.sh webroot-reissue domainname /path/to/custom/webroot
./acmetool.sh webroot-reissue domainname /path/to/custom/webroot d
./acmetool.sh webroot-reissue domainname /path/to/custom/webroot live
./acmetool.sh webroot-reissue domainname /path/to/custom/webroot lived
./acmetool.sh webroot-renew domainname /path/to/custom/webroot
./acmetool.sh webroot-renew domainname /path/to/custom/webroot d
./acmetool.sh webroot-renew domainname /path/to/custom/webroot live
./acmetool.sh webroot-renew domainname /path/to/custom/webroot lived
./acmetool.sh s3issue domainname
./acmetool.sh s3issue domainname d
./acmetool.sh s3issue domainname live
./acmetool.sh s3issue domainname lived
./acmetool.sh s3reissue domainname
./acmetool.sh s3reissue domainname d
./acmetool.sh s3reissue domainname live
./acmetool.sh s3reissue domainname lived
./acmetool.sh s3renew domainname
./acmetool.sh s3renew domainname d
./acmetool.sh s3renew domainname live
./acmetool.sh s3renew domainname lived
./acmetool.sh renewall
./acmetool.sh renewall live
./acmetool.sh renewall lived
./acmetool.sh checkdates

jscott · Aug 12, 2016

Ah! Great! I skimmed over the screenshots too quickly and did not see that!

Just let us know when we can start testing!!!

-John

eva2000 · Aug 15, 2016

FYI, if all goes to plan within next 48-72hrs, addons/acmetool.sh will land into updated 123.09beta01 for public beta testing Letsencrypt SSL certificate integration into Centmin Mod. Read how to prepare your testing servers at Letsencrypt - Official acmetool.sh testing thread for Centmin Mod 123.09beta01 | Centmin Mod Community

eva2000 · Aug 18, 2016

addons/acmetool.sh officially landed into 123.09beta01 for public beta testing Letsencrypt - Official acmetool.sh testing thread for Centmin Mod 123.09beta01 | Centmin Mod Community

so closing this thread

Log in / Register

Forums

Learn about Centmin Mod LEMP Stack today

Letsencrypt Centmin Mod Letsencrypt Branch testing discussions

eva2000 Administrator Staff Member

Colin Active Member

eva2000 Administrator Staff Member

Colin Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

jscott Member

eva2000 Administrator Staff Member

jscott Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.

Log in / Register

Useful Searches

Learn about Centmin Mod LEMP Stack today

Letsencrypt Centmin Mod Letsencrypt Branch testing discussions

eva2000 Administrator Staff Member

Colin Active Member

eva2000 Administrator Staff Member

Colin Active Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

pamamolf Premium Member Premium Member

jscott Member

eva2000 Administrator Staff Member

jscott Member

eva2000 Administrator Staff Member

eva2000 Administrator Staff Member

.