Letsencrypt Letsencrypt Question...

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Matt Williams, Oct 26, 2015.

  1. Matt Williams

    Matt Williams WordPress Fanatic

    468
    90
    28
    Nov 22, 2014
    Virginia, USA
    Ratings:
    +135
    Local Time:
    1:23 PM
    latest
    10
  2. eva2000

    eva2000 Administrator Staff Member

    28,925
    6,566
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,743
    Local Time:
    3:23 AM
    Nginx 1.13.x
    MariaDB 5.5
    It's only supported in Centmin Mod 123.09 betas and not fully automated yet, so manual steps to install Letsencrypt client, run web root authentication and sed replace self signed ssl certificate with letsencrypt's ssl certificate are all required (as outlined at SSL - Letsencrypt Free SSL certificates with web root authentication method).

    FYI, letsencrypt is still in dev/beta phase so your ssl certificates will be untrusted in browsers like self-signed ssl certificates. Once Letsencrypt code is finalised and GA, I will integrate Letsencrypt automation into Centmin Mod's auto nginx vhost ssl creation as an optional choice either self signed or letsencrypt ssl certificate at nginx vhost setup time but most likely 123.09 betas only at first.
     
  3. eva2000

    eva2000 Administrator Staff Member

  4. Matt Williams

    Matt Williams WordPress Fanatic

    Are there any directions on installing the LetsEncrypt? I updated to 09betale - installed a new WP site with menu option 22 with Letsencrypt support but the auto installer never created the vhost (it was blank), the WP files were installed but it took me to the Centminmod default page when accessing the URL and not the WP site. First thing I thought was my DNS was wrong, but after looking, it was right.

    Code:
    Complete!
    Creating virtual environment...
    Updating letsencrypt and virtual environment dependencies...../root/.local/share/letsencrypt/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
      InsecurePlatformWarning
    ./root/.local/share/letsencrypt/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
      InsecurePlatformWarning
    Command "/root/.local/share/letsencrypt/bin/python2.7 -c "import setuptools, tokenize;__file__='/tmp/pip-build-i0PV8D/cryptography/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-q4Wi6Q-record/install-record.txt --single-version-externally-managed --compile --install-headers /root/.local/share/letsencrypt/include/site/python2.7/cryptography" failed with error code 1 in /tmp/pip-build-i0PV8D/cryptography
    setup general /etc/letsencrypt/webroot.ini letsencrypt config file
    touch: cannot touch ‘/etc/letsencrypt/webroot.ini’: No such file or directory
    inc/letsencrypt.inc: line 68: /etc/letsencrypt/webroot.ini: No such file or directory
    grep: /etc/letsencrypt/webroot.ini: No such file or directory
    /root/.local/share/letsencrypt/bin/letsencrypt not found
    
     
  5. eva2000

    eva2000 Administrator Staff Member

  6. Matt Williams

    Matt Williams WordPress Fanatic

    This VPS has 1GB Ram but has quite a few sites on it lol! I'll create a new VPS just for this testing...
     
  7. eva2000

    eva2000 Administrator Staff Member

    yeah need to figure out a min free memory requirement and script some system memory detection into Centmin Mod Letsencrypt integration :)
     
  8. Matt Williams

    Matt Williams WordPress Fanatic

    what is the minimum memory limit?
     
  9. eva2000

    eva2000 Administrator Staff Member

    still trying to find out specifically letsencrypt-auto on devices with low memory // was: on Centos/RHEL 7 · Issue #1677 · letsencrypt/letsencrypt · GitHub

    I test on 1GB VPS fine but it's lightly used. So would be more about free memory availability

    maybe check your free memory on your problem server..

    123.09beta01le has an addons/letsencrypt.sh you can run standalone to just install/update the client and nothing else, you can see if it completes

    i might add memory system stats to it too for debug mode later today :)
     
  10. Matt Williams

    Matt Williams WordPress Fanatic

    Question: If I run the letsencrypt SSL and the customer has NOT changed the IPs for DNS will it fail? And if I run this, can I re-run it after the customer changes the A records?
     
  11. eva2000

    eva2000 Administrator Staff Member

    if dns isn't updated to server IP and you select yes to letsencrypt and no to abort to update dns, then letsencrypt validation will fail and self-signed ssl certificate will be used in the domain.com.ssl.conf nginx vhost.

    re-running again, won't work if the existing domain.com nginx vhost and directories exist unless you remove them with the rm commands shown immediately after the nginx vhost creation. I am working on addons/letsencrypt.sh as a standalone for existing nginx vhosts getting and renewing letsencrypt ssl certificates as well as installing the initial letsencrypt client but i have yet to test getting/renewing le ssl certs via addons/letsencrypt.sh
     
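The two failure modes raised in this thread (a client install suspected of failing on a server short of free memory, and webroot validation failing because DNS does not yet point at the server) can both be checked before the vhost setup is run. The shell functions below are an added example, not part of any post and not Centmin Mod code; the function names, the 512 MB threshold and the documentation-range addresses are assumptions.

```shell
#!/bin/sh
# Added example (not Centmin Mod code): pre-flight checks before asking
# Let's Encrypt for a certificate via webroot validation.

# ASSUMPTION: placeholder threshold; the thread does not establish a minimum.
MIN_AVAIL_MB="${MIN_AVAIL_MB:-512}"

# Print available memory in MB from a meminfo-format file. Older kernels
# without MemAvailable fall back to MemFree + Buffers + Cached.
avail_mb() {
  awk '$1 == "MemAvailable:" { avail = $2; have = 1 }
       $1 == "MemFree:" || $1 == "Buffers:" || $1 == "Cached:" { sum += $2 }
       END { printf "%d\n", (have ? avail : sum) / 1024 }' "${1:-/proc/meminfo}"
}

# IPv4 addresses the domain resolves to, one per line. Compare with a
# public resolver too: a local /etc/hosts entry can mask stale public DNS.
resolve_a() { getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u; }

# usage: dns_points_here SERVER_IP ADDR...
# Every address must match: the CA may connect to any published A record.
dns_points_here() (
  server_ip=$1; shift
  [ "$#" -gt 0 ] || exit 1            # domain does not resolve at all
  for addr in "$@"; do
    [ "$addr" = "$server_ip" ] || exit 1
  done
)

# usage: preflight SERVER_IP MEMINFO_FILE ADDR...
# returns 0 = go ahead, 1 = DNS not pointing here, 2 = low memory
preflight() (
  server_ip=$1; meminfo=$2; shift 2
  if ! dns_points_here "$server_ip" "$@"; then
    echo "DNS: A records [$*] do not all match $server_ip; validation would fail" >&2
    exit 1
  fi
  mb=$(avail_mb "$meminfo")
  if [ "$mb" -lt "$MIN_AVAIL_MB" ]; then
    echo "MEM: ${mb} MB available, below ${MIN_AVAIL_MB} MB; client install may fail" >&2
    exit 2
  fi
  echo "ok: DNS matches $server_ip, ${mb} MB available"
)

# Real use (addresses come from DNS, memory from the running kernel):
#   preflight 203.0.113.10 /proc/meminfo $(resolve_a example.com)
```

A non-zero return is the point at which to stop and fix DNS or free memory, rather than letting vhost creation continue and fall back to the self-signed certificate.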
  12. Matt Williams

    Matt Williams WordPress Fanatic

    so how do I un-install the lets encrypt system and re-run it once the client changes over the A record and DNS?
     
  13. eva2000

    eva2000 Administrator Staff Member

    no need to uninstall, once nginx vhost structure is removed or once addons/letsencrypt.sh works fully you can just re-run and letsencrypt ssl cert will be obtained and put in place. You never need to actually remove/uninstall letsencrypt client
     
  14. Matt Williams

    Matt Williams WordPress Fanatic

    is still under development?
     
  15. eva2000

    eva2000 Administrator Staff Member

    yup, 123.09beta01 and 123.09beta01le are always under development :D
     
  16. Matt Williams

    Matt Williams WordPress Fanatic

    As I have noticed. I moved all VPS's to the beta and now I'm constantly updating lol! All good though - you are the best!
     
  17. eva2000

    eva2000 Administrator Staff Member

    yeah i am thinking about probably moving 123.09betas to dev named branch and allow 123.08stable and minor updates to go through 123.09 and higher - just planning now