The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,860 other subscribers
«
»

Using the github version of certbot (formerly letsencrypt) to get Let’s Encrypt certificates

Posted by jpluimers on 2017/01/24

The Let’s Encrypt certbot (formerly letsencrypt) had some trouble on my machinery.

When trying to test if Apache default default · Issue #3307 · certbot/certbot and opensuse Tumbleweed: Each time I run certbot, a line with Listen 443 gets added to /etc/apache2/httpd.conf · Issue #3364 · certbot/certbot were fixed, I had to run certbot directly using specific github branches.

Normally certbot queries https://pypi.python.org/pypi/certbot/json to install the latest sanctioned version of itself. Which means this won’t work to run the version from github:

git clone https://github.com/certbot/certbot.git
cd certbot
./cerbot-auto <<command-line-parameters>>

But the below does:

git clone https://github.com/certbot/certbot.git
cd certbot
git checkout -b <<branch-name>>
./letsencrypt-auto-source/letsencrypt-auto --os-packages-only
./tools/venv.sh
source venv/bin/activate
cerbot <<command-line-parameters>>

The last statement will run ./venv/bin/certbot but you can also hard-code that (or perform which certbot to verify the directory is on the pat).

I used it to test with this branch:

git checkout -b origin/osrelease_like

The above are basically steps to setup a virtualenv as mentioned in Developer Guide — Certbot 0.9.0.dev0 documentation.

To undo, just run this from the certbot directory:

deactivate
rm -rf venv

The first statement will adjust your path and the second get rid of the virtual environment including all packages that were downloaded in it.

If you forgot to remove the venv directory, there might be old versions hanging around named like venv.1470590779.bak where the number in the middle is the number of seconds since unix epoch (1970-01-01 00:00:00 UTC) which you might want to remove as well.

Inside the venv environment you can use all kinds of Python tools, for instance:

  • Perform pip install ipdb after which you can add import ipdb;ipdb.set_trace() to any source line to break right into the Python debugger. There, it will drop you into debug console, which is pretty much fully fledged Python interpreter.
  • Run pip freeze to show all installed Python packages.

While testing, you can use the --test-cert or --staging command-line-options to use the Let’s Encrypt staging-environment this prevent running into the live environment rate limits (the main ones at time of writing are a Duplicate Certificate limit of 5 certificates per week and a Certificates per Registered Domain limit of 20 per week, whichever limit is lower).

–jeroen

This entry was posted on 2017/01/24 at 12:00 and is filed under *nix, Encryption, Let's Encrypt (letsencrypt/certbot), Linux, openSuSE, Power User, Security, SuSE Linux. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

«
»