 | Lars Fosdal on Security alarm provider Woonve… |
 | Thomas Mueller on Question got closed in May 202… |
 | Thaddy de Koning on Formulier voor bewindvoerders… |
| Thaddy de Koning on Formulier voor bewindvoerders… |
| Thaddy de Koning on Formulier voor bewindvoerders… |
Posted by jpluimers on 2017/03/06
In case you manually want to configure or have a web-server that’s not supported by certbot for letsencrypt (yet): Generate Mozilla Security Recommended Web Server Configuration Files.
At the time of writing, these were supported by the generator (* were not supported by certbot for letsencrypt yet):
–jeroen
via: Feature request: admin web interface over HTTPS · Issue #630 · pi-hole/pi-hole
Posted in *nix, *nix-tools, Apache2, Encryption, Let's Encrypt (letsencrypt/certbot), Power User, Security | Leave a Comment »
Posted by jpluimers on 2017/01/24
The Let’s Encrypt certbot (formerly letsencrypt) had some trouble on my machinery.
When trying to test if Apache default default · Issue #3307 · certbot/certbot and opensuse Tumbleweed: Each time I run certbot, a line with Listen 443 gets added to /etc/apache2/httpd.conf · Issue #3364 · certbot/certbot were fixed, I had to run certbot directly using specific github branches.
Normally certbot queries https://pypi.python.org/pypi/certbot/json to install the latest sanctioned version of itself. Which means this won’t work to run the version from github:
git clone https://github.com/certbot/certbot.git cd certbot ./cerbot-auto <<command-line-parameters>>
But the below does:
git clone https://github.com/certbot/certbot.git cd certbot git checkout -b <<branch-name>> ./letsencrypt-auto-source/letsencrypt-auto --os-packages-only ./tools/venv.sh source venv/bin/activate cerbot <<command-line-parameters>>
The last statement will run ./venv/bin/certbot but you can also hard-code that (or perform which certbot to verify the directory is on the pat).
I used it to test with this branch:
git checkout -b origin/osrelease_like
The above are basically steps to setup a virtualenv as mentioned in Developer Guide — Certbot 0.9.0.dev0 documentation.
To undo, just run this from the certbot directory:
deactivate rm -rf venv
The first statement will adjust your path and the second get rid of the virtual environment including all packages that were downloaded in it.
If you forgot to remove the venv directory, there might be old versions hanging around named like venv.1470590779.bak where the number in the middle is the number of seconds since unix epoch (1970-01-01 00:00:00 UTC) which you might want to remove as well.
Inside the venv environment you can use all kinds of Python tools, for instance:
pip install ipdb after which you can add import ipdb;ipdb.set_trace() to any source line to break right into the Python debugger. There, it will drop you into debug console, which is pretty much fully fledged Python interpreter.pip freeze to show all installed Python packages.While testing, you can use the --test-cert or --staging command-line-options to use the Let’s Encrypt staging-environment this prevent running into the live environment rate limits (the main ones at time of writing are a Duplicate Certificate limit of 5 certificates per week and a Certificates per Registered Domain limit of 20 per week, whichever limit is lower).
–jeroen
Posted in *nix, Encryption, Let's Encrypt (letsencrypt/certbot), Linux, openSuSE, Power User, Security, SuSE Linux | Leave a Comment »
Posted by jpluimers on 2016/12/30
Now that everyone has had enough time to get proper TLS certificates using for instance LetsEncrypt, it’s time to up the ante: score better than an A on the SSL Labs tests from either their main site or dev site:
Here are some links to get there:
–jeroen
Posted in *nix, Apache2, Communications Development, Development, Encryption, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, TCP, TLS | Leave a Comment »
Posted by jpluimers on 2016/10/13
IRC #letsencrypt-dev today:
Is there any way for `certbot-auto` to show for which domains/apache-configs it has certificates?
wiert, we actually made a ticket for 0.10.0 to do that
https://github.com/certbot/certbot/issues/3615
in the mean time, your imperfect options are:
for file in /etc/letsencrypt/live/*/fullchain.pem ; do echo -n $file ; openssl x509 -text -noout -in $file | grep DNS; donefor installation in Apache configs, you can follow that with:
grep /etc/letsencrypt/live /etc/apache2/sites-enabled/*@pdeee on OpenSuSE, the last statement should be
grep -r /etc/letsencrypt/live /etc/apache2/*
–jeroen
Posted in *nix, Encryption, Let's Encrypt (letsencrypt/certbot), Linux, openSuSE, Power User, Security, SuSE Linux | Leave a Comment »
Posted by jpluimers on 2016/04/27
400+ Free Resources for DevOps & Sysadmins ranging from bitbucket/gitbub via letsencrypt through loggly to cloudflare and all soorts of *aaS online IDEs, payment services and more.
via: Mary Tee referred to by Joe Hecht.
–jeroen
Posted in Development, Encryption, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 