<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Lol. I didn't think to try to look for alternative letsencrypt
clients, but I've used the official one a few times. However I have
to renew in March so I'm also looking to automate this. Thanks for
the research! I think I'll try <i>simp_le</i> and share :-)<br>
<br>
Regards,<br>
Sebastian<br>
<br>
<div class="moz-cite-prefix">On 29/02/16 20:53, Bernie Innocenti
wrote:<br>
</div>
<blockquote cite="mid:56D4F60A.5020401@codewiz.org" type="cite">
<pre wrap="">Great, thanks for taking care of this and for the update.
Dumb question: which letsencrypt client are we using? There are a number
of options:
<a class="moz-txt-link-freetext" href="https://community.letsencrypt.org/t/list-of-client-implementations/2103">https://community.letsencrypt.org/t/list-of-client-implementations/2103</a>
A couple of weeks ago, I wanted to setup letsencrypt for codewiz.org,
but the official one seemed quite overengineered, so I tried
letsencrypt-nosudo instead. The problem with the nosudo script is that
it's designed for interactive renewal when the user key is kept offline
(a prudent measure, but I'm too lazy for that :-).
The next ones I'd like to try are:
<a class="moz-txt-link-freetext" href="https://github.com/kuba/simp_le">https://github.com/kuba/simp_le</a>
<a class="moz-txt-link-freetext" href="https://github.com/lukas2511/letsencrypt.sh">https://github.com/lukas2511/letsencrypt.sh</a>
Anyway, I'm shocked by how many weird ways exist to do something as
simple as generating an SSL certificate and getting it signed by a CA
with a challenge. What are your impressions?
On 02/29/2016 11:04 AM, Samuel Cantero wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,
I was testing our access to the .well-known/acme-challenge directory for
<a class="moz-txt-link-abbreviated" href="http://www.slo">www.slo</a> and nagios.slo. LE must have access to this directory in order
to validate the domain with a set of challenges (in this case
provisioning an HTTP resource under this URI). This access wasn't
working. I fixed it for http and https. Now, we are also forcing https
for all pages except domain/.well/known-challenge. It was forcing https
for all pages.
In addition, sometime ago we defined in nginx the same directory for the
acme-challenge for both domains but we forgot to set the same webroot in
the LE config file for each domain. I also fixed this.
I tested all this config with the nagios domain and the certificate was
renewed successfully. I also changed in the renewal script the renewal
time. We defined to renew the SSL certificate 15 days before the
expiration day. I changed this to 30 in order to validate the process
with the <a class="moz-txt-link-abbreviated" href="http://www.slo">www.slo</a> domain in 3 days. <a class="moz-txt-link-abbreviated" href="http://www.slo">www.slo</a> certificate was issued on
January 3 and is going to expire on April 2.
Best regards,
Samuel C.
On Fri, Feb 26, 2016 at 10:56 PM, Bernie Innocenti <<a class="moz-txt-link-abbreviated" href="mailto:bernie@codewiz.org">bernie@codewiz.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:bernie@codewiz.org"><mailto:bernie@codewiz.org></a>> wrote:
Sam, could you make the renew-certs-le not produce any output when
everything goes well and only nag if we need to fix something?
-------- Forwarded Message --------
Subject: Cron <root@freedom> test -x /usr/sbin/anacron || ( cd / &&
run-parts --report /etc/cron.daily )
Date: Fri, 26 Feb 2016 08:00:07 -0500 (EST)
From: Cron Daemon <<a class="moz-txt-link-abbreviated" href="mailto:root@freedom.sugarlabs.org">root@freedom.sugarlabs.org</a>
<a class="moz-txt-link-rfc2396E" href="mailto:root@freedom.sugarlabs.org"><mailto:root@freedom.sugarlabs.org></a>>
To: <a class="moz-txt-link-abbreviated" href="mailto:root@freedom.sugarlabs.org">root@freedom.sugarlabs.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:root@freedom.sugarlabs.org"><mailto:root@freedom.sugarlabs.org></a>
/etc/cron.daily/renew-certs-le:
The certificate for nagios.sugarlabs.org
<a class="moz-txt-link-rfc2396E" href="http://nagios.sugarlabs.org"><http://nagios.sugarlabs.org></a> is up to date, no need for
renewal (36 days left for renewal).
The certificate for sugarlabs.org <a class="moz-txt-link-rfc2396E" href="http://sugarlabs.org"><http://sugarlabs.org></a> is up to
date, no need for renewal (36
days left for renewal).
/etc/cron.daily/wizbackup:
1456488867:lightwave.sugarlabs.org:0:255
run-parts: /etc/cron.daily/wizbackup exited with return code 1
_______________________________________________
Systems mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Systems@lists.sugarlabs.org">Systems@lists.sugarlabs.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:Systems@lists.sugarlabs.org"><mailto:Systems@lists.sugarlabs.org></a>
<a class="moz-txt-link-freetext" href="http://lists.sugarlabs.org/listinfo/systems">http://lists.sugarlabs.org/listinfo/systems</a>
</pre>
</blockquote>
<pre wrap="">
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
I+D SomosAzucar.Org
"icarito" #somosazucar en Freenode IRC
"Nadie libera a nadie, nadie se libera solo. Los seres humanos se liberan en comuniĆ³n" - P. Freire</pre>
</body>
</html>