scanterog at gmail.com
Tue Mar 1 17:28:11 EST 2016
We are automating the renewal process with the official one. You can check
this on https://wiki.sugarlabs.org/go/Sysadmin/Letsencrypt
In case you find simp_le a lot better, please share the info in our wiki :)
On Mon, Feb 29, 2016 at 11:14 PM, Sebastian Silva <sebastian at fuentelibre.org
> Lol. I didn't think to try to look for alternative letsencrypt clients,
> but I've used the official one a few times. However I have to renew in
> March so I'm also looking to automate this. Thanks for the research! I
> think I'll try *simp_le* and share :-)
> On 29/02/16 20:53, Bernie Innocenti wrote:
> Great, thanks for taking care of this and for the update.
> Dumb question: which letsencrypt client are we using? There are a number
> of options:
> A couple of weeks ago, I wanted to setup letsencrypt for codewiz.org,
> but the official one seemed quite overengineered, so I tried
> letsencrypt-nosudo instead. The problem with the nosudo script is that
> it's designed for interactive renewal when the user key is kept offline
> (a prudent measure, but I'm too lazy for that :-).
> The next ones I'd like to try are:
> Anyway, I'm shocked by how many weird ways exist to do something as
> simple as generating an SSL certificate and getting it signed by a CA
> with a challenge. What are your impressions?
> On 02/29/2016 11:04 AM, Samuel Cantero wrote:
> I was testing our access to the .well-known/acme-challenge directory forwww.slo and nagios.slo. LE must have access to this directory in order
> to validate the domain with a set of challenges (in this case
> provisioning an HTTP resource under this URI). This access wasn't
> working. I fixed it for http and https. Now, we are also forcing https
> for all pages except domain/.well/known-challenge. It was forcing https
> for all pages.
> In addition, sometime ago we defined in nginx the same directory for the
> acme-challenge for both domains but we forgot to set the same webroot in
> the LE config file for each domain. I also fixed this.
> I tested all this config with the nagios domain and the certificate was
> renewed successfully. I also changed in the renewal script the renewal
> time. We defined to renew the SSL certificate 15 days before the
> expiration day. I changed this to 30 in order to validate the process
> with the www.slo domain in 3 days. www.slo certificate was issued on
> January 3 and is going to expire on April 2.
> Best regards,
> Samuel C.
> On Fri, Feb 26, 2016 at 10:56 PM, Bernie Innocenti <bernie at codewiz.org<mailto:bernie at codewiz.org> <bernie at codewiz.org>> wrote:
> Sam, could you make the renew-certs-le not produce any output when
> everything goes well and only nag if we need to fix something?
> -------- Forwarded Message --------
> Subject: Cron <root at freedom> test -x /usr/sbin/anacron || ( cd / &&
> run-parts --report /etc/cron.daily )
> Date: Fri, 26 Feb 2016 08:00:07 -0500 (EST)
> From: Cron Daemon <root at freedom.sugarlabs.org
> <mailto:root at freedom.sugarlabs.org> <root at freedom.sugarlabs.org>>
> To: root at freedom.sugarlabs.org <mailto:root at freedom.sugarlabs.org> <root at freedom.sugarlabs.org>
> The certificate for nagios.sugarlabs.org
> <http://nagios.sugarlabs.org> <http://nagios.sugarlabs.org> is up to date, no need for
> renewal (36 days left for renewal).
> The certificate for sugarlabs.org <http://sugarlabs.org> <http://sugarlabs.org> is up to
> date, no need for renewal (36
> days left for renewal).
> run-parts: /etc/cron.daily/wizbackup exited with return code 1
> Systems mailing list
> Systems at lists.sugarlabs.org <mailto:Systems at lists.sugarlabs.org> <Systems at lists.sugarlabs.org>
> I+D SomosAzucar.Org
> "icarito" #somosazucar en Freenode IRC
> "Nadie libera a nadie, nadie se libera solo. Los seres humanos se liberan en comunión" - P. Freire
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Systems