Want to subscribe to topics you're interested in?
Become a Member

Letsencrypt Letsencrypt SSL certificate on Centmin Mod Nginx HTTP/2

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Aug 29, 2015.

  1. SeaTea

    SeaTea Member

    49
    13
    8
    Feb 20, 2015
    the Netherlands
    Ratings:
    +28
    Local Time:
    10:13 PM
    Nginx:1.11
    MariaDB-10
    I am trying to use the automatic webroot way to get my letsencrypt certificates. Started with a test-domain, but that does not work as it should. I read some articles and this topic.

    What do you mean by:
    After installation of letsencrypt script, the following is in "staticfiles.conf":
    The directory .well-known/acme-challenge/ is empty, but when I manually put a file there, I also get a 403 error if I try to read it via the browser. It seems that it is not possible to read data from directory names starting with a dot, and that is probably the reason that the script which should get my certificate does not work. I also see the 403 errors in the logs.


    In the text above in this topic, there is info that I should have Content-Type: text/jose+json. I have changed that, but that doesn't change anything.

    Can you please explain how I can get a working script so I can have automatic renewals later on. (I can get a working certificate by manual action, but like to have the webroot script working. I have checked the forums, there are several topics on letsencrypt, but found no solution for my problem. I have also tested with the special version of beta-9le, but the same 403 errors happen there. Also because of the dot-named directories are not readable I think.
     
  2. eva2000

    eva2000 Administrator Staff Member

    47,552
    10,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,776
    Local Time:
    7:13 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    older centmin mod builds vhost generator included blocking dot folder/files in domain.com.conf but letsencrypt's 123.09beta01le latest commented it out

    so comment out this
    Code:
      # prevent access to ./directories and files
      location ~ (?:^|/)\. {
       deny all;
      }  
     
  3. SeaTea

    SeaTea Member

    49
    13
    8
    Feb 20, 2015
    the Netherlands
    Ratings:
    +28
    Local Time:
    10:13 PM
    Nginx:1.11
    MariaDB-10
    Ah,,,, that works, Thanks :)
    .
    Maybe you should add this info to the OP or the general article ;)
     
  4. eva2000

    eva2000 Administrator Staff Member

    47,552
    10,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,776
    Local Time:
    7:13 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    well right now 123.09beta01le isn't really for anyone else to use besides me until I get things right ;)

    FYI, I've just created a newer letsencrypt branch 123.09beta01le2 - it merges 123.09beta01 + 123.09beta01le for testing purposes as those 2 branches were getting further and further apart. There were some merge conflicts I had to resolve, so not sure if I got them all yet heh. So moving forward letsencrypt integration testing will now be done on 123.09beta01le2 branch
     
    Last edited: Dec 30, 2015
  5. Lundz

    Lundz Member

    42
    6
    8
    May 28, 2014
    Ratings:
    +7
    Local Time:
    10:13 PM
    Great, news. I'll try it when i have the time :)
     
  6. SeaTea

    SeaTea Member

    49
    13
    8
    Feb 20, 2015
    the Netherlands
    Ratings:
    +28
    Local Time:
    10:13 PM
    Nginx:1.11
    MariaDB-10
    In some articles about auto-renewal via cron you mentioned a 'expirydate.sh' script to check the expiry date. Is this available somewhere ? I Like to test some cron-updates and looking for an easy way to get the 'valid days' test.
     
  7. eva2000

    eva2000 Administrator Staff Member

    47,552
    10,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,776
    Local Time:
    7:13 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    nah that script isn't available right now it's just used by me for testing internally :)
     
  8. eva2000

    eva2000 Administrator Staff Member

    47,552
    10,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,776
    Local Time:
    7:13 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x

    123.09beta01le3 created



    New Centmin Mod experimental 123.09beta01le3 branch created. It merges (via rebase) 123.09beta01 and 123.09beta01le2 branches for Letsencrypt integration testing on latest 123.09beta01 changes as of Jan 16, 2016.
     
  9. Skippy

    Skippy New Member

    25
    11
    3
    May 14, 2015
    Ratings:
    +20
    Local Time:
    7:13 AM
  10. ModeltogTossen

    ModeltogTossen I wish I could??

    313
    97
    28
    Dec 20, 2015
    Denmark
    Ratings:
    +143
    Local Time:
    10:13 PM
    1.9.12
    10.0.23
    Oh @eva2000 - A very lovely post to read.. Will test it out very soon, thank you so very much..
     
  11. eva2000

    eva2000 Administrator Staff Member

    47,552
    10,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,776
    Local Time:
    7:13 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
  12. eva2000

    eva2000 Administrator Staff Member

    47,552
    10,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,776
    Local Time:
    7:13 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x
  13. Revenge

    Revenge Active Member

    465
    93
    28
    Feb 21, 2016
    Portugal
    Ratings:
    +352
    Local Time:
    9:13 PM
    1.9.x
    10.1.x
    Letsencrypt supports 4096 bit RSA Keys with the parameter --rsa-key-size 4096
    Is there any advantage at this time in using a 4096 bit key instead of the default 2048 bit?
     
  14. eva2000

    eva2000 Administrator Staff Member

    47,552
    10,791
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,776
    Local Time:
    7:13 AM
    Nginx 1.19.x
    MariaDB 5.5/10.x