Changes

From SME Server
Jump to navigationJump to search

Letsencrypt (view source)

Revision as of 17:25, 14 September 2016

1,163 bytes added ,  17:25, 14 September 2016
→‎Install with John Crisp contrib
Line 213: Line 213:     
==Install with John Crisp contrib==
 
==Install with John Crisp contrib==
{{Note box |Due to the change of names from Letsencrypt.sh to Dehydrated, a new contrib needs to made. The below will no longer work  until a new contrib is available}}
+
{{Note box |Due to the change of names from Letsencrypt.sh to Dehydrated I have made a new contrib 0.3-1 See notes below}}
    
Sources: https://github.com/reetp/smeserver-letsencrypt
 
Sources: https://github.com/reetp/smeserver-letsencrypt
Line 244: Line 244:  
Create test certificates (file is in the path so should be OK)
 
Create test certificates (file is in the path so should be OK)
   −
  letsencrypt.sh -c -x
+
  dehydrated -c -x
    
Once you are satisfied with your test
 
Once you are satisfied with your test
Line 254: Line 254:  
and
 
and
   −
  rm /etc/letsencrypt.sh/certs/* -rf
+
  rm /etc/dehydrated/certs/* -rf
  rm /etc/letsencrypt.sh/accounts/* -rf
+
  rm /etc/dehydrated/accounts/* -rf
  letsencrypt.sh -c -x
+
  dehydrated -c -x
    
Note thereafter you ONLY need to run
 
Note thereafter you ONLY need to run
   −
  letsencrypt.sh -c
+
  dehydrated -c
      Line 281: Line 281:  
  signal-event ibay-modify Primary
 
  signal-event ibay-modify Primary
   −
=== other info ===
+
=== Other info ===
 
Optional keys - (not required)
 
Optional keys - (not required)
   Line 317: Line 317:     
===Problems===
 
===Problems===
   
The first thing is to check all your domains can resolve
 
The first thing is to check all your domains can resolve
   Line 324: Line 323:  
Check that the following files are correctly generated
 
Check that the following files are correctly generated
   −
  /etc/letsencrypt.sh/config
+
  /etc/dehydrated/config
  /etc/letsencrypt.sh/domains.txt
+
  /etc/dehydrated/domains.txt
    
Set letsencrypt back to test and remove any generated keys
 
Set letsencrypt back to test and remove any generated keys
Line 331: Line 330:  
  db configuration setprop letsencrypt status test
 
  db configuration setprop letsencrypt status test
   −
  rm /etc/letsencrypt.sh/certs/* -rf
+
  rm /etc/dehydrated/certs/* -rf
  rm /etc/letsencrypt.sh/accounts/* -rf
+
  rm /etc/dehydrated/accounts/* -rf
   −
Then run letsencrypt.sh again
+
Then run letsencrypt again
   −
  letsencrypt.sh -c -x
+
  dehydrated -c -x
    
{{Note box | If you make too many failed attempts at certificate generation you will be locked out of the letsencrypt servers for up to a week. Make sure everything works in test mode before you try it for real! See notes on rate limits below}}
 
{{Note box | If you make too many failed attempts at certificate generation you will be locked out of the letsencrypt servers for up to a week. Make sure everything works in test mode before you try it for real! See notes on rate limits below}}
Line 342: Line 341:     
===Errors===
 
===Errors===
 
+
If you see the following:
If you see the following
      
  {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
 
  {"type":"urn:acme:error:unauthorized","detail":"No registration exists matching provided key","status":403}
Line 352: Line 350:       −
 
+
If you see something like this you may have hit the rate limit:
If you see something like this you may have hit the rate limit
      
  {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many currently pending authorizations.","status":429}
 
  {"type":"urn:acme:error:rateLimited","detail":"Error creating new authz :: Too many currently pending authorizations.","status":429}
Line 360: Line 357:     
https://letsencrypt.org/docs/rate-limits/
 
https://letsencrypt.org/docs/rate-limits/
 +
 +
 +
===Upgrade to the dehydrated script===
 +
The old letsencrypt.sh script has been renamed to dehydrated
 +
 +
To upgrade please do the following:
 +
 +
yum --enablerepo=reetp install smeserver-letsencrypt
 +
 +
signal-event post-upgrade; signal-event reboot
 +
 +
After the reboot you can then run the following to make new certificates:
 +
 +
dehydrated -c -x
 +
 +
I have sometime found that I get connection errors after installation as follows.
 +
 +
If you receive the following error:
 +
 +
ERROR: Problem connecting to server (get for https://acme-v01.api.letsencrypt.org/directory; curl returned with 6)
 +
 +
cd ~
 +
curl https://acme-v01.api.letsencrypt.org/directory
 +
dehydrated -c -x
 +
 +
If you then get an error like this:
 +
 +
ERROR: Problem connecting to server (get for http://cert.int-x3.letsencrypt.org/; curl returned with 6)
 +
 +
cd ~
 +
curl http://cert.int-x3.letsencrypt.org/ > /dev/null
 +
dehydrated -c -x
 +
 +
Check that the new certificates have been added to the modSSL key:
 +
 +
config show modSSL
 +
 +
root@asterisk ~]#config show modSSL
 +
 +
modSSL=service
 +
    CertificateChainFile=/etc/dehydrated/certs/yourdomain.com/chain.pem
 +
    TCPPort=443
 +
    access=public
 +
    crt=/etc/dehydrated/certs/yourdomain.com/cert.pem
 +
    key=/etc/dehydrated/certs/yourdomain.com/privkey.pem
 +
    status=enabled
    
==Source from info==
 
==Source from info==
Retrieved from "https://wiki.koozali.org/Special:MobileDiff/32125"

Navigation menu