
Letsencrypt Official acmetool.sh testing thread for Centmin Mod 123.09beta01

Discussion in 'Domains, DNS, Email & SSL Certificates' started by eva2000, Jul 26, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    44,785
    10,212
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +15,828
    Local Time:
    4:09 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
  2. raciasolvo

    raciasolvo Member

    98
    10
    8
    Oct 7, 2016
    Ratings:
    +27
    Local Time:
    9:09 PM
    Nginx 1.11.6
    MariaDB 10.0.27
    Hello!
    Can I create and use separate certificates for subdomains? For example:
    1. domain.tld www.domain.tld
    2. sub1.domain.tld (without www)
    3. sub2.domain.tld (without www)
     
  3. eva2000

    yes they're just separate nginx vhosts
     
  4. raciasolvo

    Thank you!

    How to skip appending www version?
     
  5. eva2000

    acmetool.sh auto detects if it's a subdomain and auto skips www for the ssl cert
     
  6. Mastergumble

    Mastergumble Premium Member Premium Member

    38
    7
    8
    Sep 29, 2016
    Ratings:
    +16
    Local Time:
    7:09 PM
    1.11.x
    10.x
    Deployed 6 and one subdomain on test server without big issues, just had to run
    Code:
    ./acmetool.sh issue acme.domain.com live
    instead of
    Code:
    ./acmetool.sh issue acme.domain.com lived
    or Letsencrypt validation would not be able to fully check the domain www
     
  7. eva2000

    should work with either of those 2 commands
     
  8. raciasolvo

    I do not use staticfiles.conf and I have to use the section:
    Code (Text):
        location ~ /.well-known {
            location ~ /.well-known/acme-challenge/(.*) {
                    more_set_headers    "Content-Type: text/plain";
            }
        }
    

    Is it enough for nginx?

    Or does acme.sh add and remove this section?
     
    Last edited: Dec 2, 2016
  9. eva2000

    yes that location context for /.well-known would need to be added to each nginx vhost you want to use addons/acmetool.sh to get letsencrypt domain validation for ssl certs. The underlying acme.sh client does not touch the nginx vhost in any way, it just validates and issues letsencrypt ssl certificates.
     
  10. raciasolvo

    What do you think about using a prettier and faster location section:
    Code (Text):
    location = /.well-known/acme-challenge/ { access_log off; more_set_headers "Content-Type: text/plain"; }
     
    Last edited: Dec 4, 2016
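
An added illustration (not part of any post in this thread, and not Centmin Mod or acme.sh code): a simplified Python model of nginx's location selection, showing which of the `location` forms discussed above actually handles a request for a challenge token. The vhost lists, the token name and the dotfile-deny rule are constructed assumptions, and nested locations are not modelled.

```python
import re

def select_location(locations, uri):
    """Pick the (modifier, pattern) a simplified nginx would use for uri."""
    # 1. An exact-match ("=") location wins immediately.
    for mod, pat in locations:
        if mod == "=" and uri == pat:
            return (mod, pat)
    # 2. Find the longest matching prefix location ("" or "^~").
    best = None
    for mod, pat in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat)
    # 3. "^~" on that longest prefix skips the regex pass entirely.
    if best and best[0] == "^~":
        return best
    # 4. Regex locations are tried in config order; first match wins.
    for mod, pat in locations:
        if mod == "~" and re.search(pat, uri):
            return (mod, pat)
    # 5. No regex matched: fall back to the longest prefix, if any.
    return best

# Constructed inputs (assumptions, not taken from the thread).
ACME_DIR = "/.well-known/acme-challenge/"
TOKEN_URI = ACME_DIR + "constructed-token-123"
DOTFILE_DENY = ("~", r"/\.")  # hypothetical "block dotfiles" rule

VHOSTS = {
    "regex":  [("", "/"), ("~", r"/.well-known")],
    "exact":  [("", "/"), ("=", ACME_DIR)],
    "prefix": [("", "/"), ("^~", ACME_DIR), DOTFILE_DENY],
}

def handlers(uri):
    """Map each constructed vhost to the location chosen for uri."""
    return {name: select_location(locs, uri) for name, locs in VHOSTS.items()}

if __name__ == "__main__":
    for name, chosen in handlers(TOKEN_URI).items():
        print(f"{name:6} token request -> {chosen}")
    print("exact  directory URI ->", select_location(VHOSTS["exact"], ACME_DIR))
```

In the exact-match vhost the token request falls through to `location /`, so directives placed inside the `=` block are never applied to challenge files; the `^~` prefix form covers every token and also stays ahead of a dotfile-deny regex.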
  11. eva2000

    try it and see
     
  12. raciasolvo

    It works. :)
     
  13. benyhirmansyah

    benyhirmansyah New Member

    7
    1
    3
    Dec 10, 2016
    Indonesia
    Ratings:
    +3
    Local Time:
    1:09 AM
    1.11.x
    10
    Just want to report,

    I've tried the latest centminmod beta and the Let's Encrypt add-on. I installed this on my production server; I know it's recommended to use a testing server, but I don't care since I always back up my server regularly. It's just a simple WordPress blog anyway.

    The first try failed; I could not verify my top level domain with the Let's Encrypt server. Then I deleted all the old vhosts and made a new vhost using the centmin.sh menu with the additional Let's Encrypt live feature. It works. I also use KeyCDN because they are one of the CDNs compatible with Let's Encrypt. And now all of my WordPress pages have a lovely green padlock icon. I assume that acme tool is working as I expect.

    I heard that in the centminmod 09 stable version the Let's Encrypt feature will be disabled automatically. I hope it won't be dropped from centminmod. I want to see centminmod stable working with Let's Encrypt. This will be a perfect combination which I've waited for a long time.

    Now I'll just wait to see if the certificate renewal cronjob works as it should.

    Thanks,
    Beny
     
  14. eva2000

    thanks for the detailed feedback :) You can test your https site via SSL Server Test (Powered by Qualys SSL Labs) to see if all is working properly :)

    yeah it will be disabled by default with optional re-enable by end user for testing as per 1st post of this thread. It won't be dropped from centmin mod though as it's a useful feature that just needs more time to perfect :)

    let us know how it goes :)
     
  15. benyhirmansyah

    got an A score. In some old browsers, it fails. Similar result with Cloudflare SSL test.

     
  16. eva2000

    yup that looks right as old browsers aren't supported with the modern ssl cipher preferences used.
     
  17. SFLC

    SFLC Active Member

    224
    59
    28
    Dec 4, 2016
    The Canadas
    Ratings:
    +112
    Local Time:
    8:09 PM
    1
    10
    What's the significance of a pushover account? Regular email goes to tablets and mobile phones if it's set up; is there a special way to integrate this? Although I will have to admit it's no big deal as I'm only running 6 sites, so keeping on top of reissuing ssl certs every few months isn't that big of a problem.
     
  18. eva2000

  19. SFLC

    Thanks, I was on that page, totally missed that part somehow
     
  20. SFLC

    I run a few sites that rely on some super funky nginx conf rules. Does renewing or reissuing certs return the nginx conf to stock again, so that I'd have to go back and re-add my rules?