
Letsencrypt SSL certificate on Centmin Mod Nginx HTTP/2

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Aug 29, 2015.

  1. SeaTea

    SeaTea Member

    I am trying to use the automatic webroot way to get my letsencrypt certificates. Started with a test-domain, but that does not work as it should. I read some articles and this topic.

    What do you mean by:
    After installation of letsencrypt script, the following is in "staticfiles.conf":
    The directory .well-known/acme-challenge/ is empty, but when I manually put a file there, I also get a 403 error if I try to read it via the browser. It seems that it is not possible to read data from directory names starting with a dot, and that is probably the reason that the script which should get my certificate does not work. I also see the 403 errors in the logs.

    In the text above in this topic, there is info that I should have Content-Type: text/jose+json. I have changed that, but that doesn't change anything.

    Can you please explain how I can get a working script so I can have automatic renewals later on? (I can get a working certificate by manual action, but I would like to have the webroot script working.) I have checked the forums; there are several topics on letsencrypt, but I found no solution for my problem. I have also tested with the special version of beta-9le, but the same 403 errors happen there, also because the dot-named directories are not readable, I think.
     
  2. eva2000

    eva2000 Administrator Staff Member

    Older Centmin Mod builds' vhost generator included blocking of dot folders/files in domain.com.conf, but the latest letsencrypt 123.09beta01le commented it out.

    So comment out this:
    Code:
      # prevent access to ./directories and files
      location ~ (?:^|/)\. {
       deny all;
      }  
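
The fix above removes the dot-file block entirely. A narrower alternative, shown here as an added example that is not from the thread or from Centmin Mod's own vhost templates, keeps the block and exempts only the ACME challenge path; the server name and root path are placeholders.

```nginx
# Constructed example: example.com and the root path are placeholders.
server {
    listen 80;
    server_name example.com;
    root /home/nginx/domains/example.com/public;

    # ACME HTTP-01 challenge files written by the webroot client.
    # The ^~ modifier makes this prefix match final, so the regex
    # location below is never consulted for these requests.
    location ^~ /.well-known/acme-challenge/ {
        try_files $uri =404;
    }

    # Every other dot file or dot directory (.git, .env, .htpasswd, ...)
    # stays blocked and keeps returning 403.
    location ~ (?:^|/)\. {
        deny all;
    }
}
```

After `nginx -t` and a reload, a test file placed in the challenge directory should be served with a 200, while any other dot path still returns 403.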
     
  3. SeaTea

    Ah... that works, thanks :)

    Maybe you should add this info to the OP or the general article ;)
     
  4. eva2000

    Well, right now 123.09beta01le isn't really for anyone else to use besides me until I get things right ;)

    FYI, I've just created a newer letsencrypt branch, 123.09beta01le2. It merges 123.09beta01 + 123.09beta01le for testing purposes, as those 2 branches were getting further and further apart. There were some merge conflicts I had to resolve, so not sure if I got them all yet, heh. So moving forward, letsencrypt integration testing will now be done on the 123.09beta01le2 branch.
     
    Last edited: Dec 30, 2015
  5. Lundz

    Lundz Member

    Great news. I'll try it when I have the time :)
     
  6. SeaTea

    In some articles about auto-renewal via cron you mentioned an 'expirydate.sh' script to check the expiry date. Is this available somewhere? I would like to test some cron updates and am looking for an easy way to get the 'valid days' test.
     
  7. eva2000

    Nah, that script isn't available right now; it's just used by me for testing internally :)
     
  8. eva2000

    123.09beta01le3 created



    New Centmin Mod experimental 123.09beta01le3 branch created. It merges (via rebase) 123.09beta01 and 123.09beta01le2 branches for Letsencrypt integration testing on latest 123.09beta01 changes as of Jan 16, 2016.
     
  9. Skippy

    Skippy New Member

  10. ModeltogTossen

    ModeltogTossen I wish I could??

    Oh @eva2000 - A very lovely post to read.. Will test it out very soon, thank you so very much..
     
  11. eva2000

  12. eva2000

  13. Revenge

    Revenge Active Member

    Letsencrypt supports 4096-bit RSA keys with the parameter --rsa-key-size 4096.
    Is there any advantage at this time in using a 4096-bit key instead of the default 2048-bit?
     
  14. eva2000
