  1. #1

    Problem In Let's Encrypt Plugin

    The Let's Encrypt plugin would be great except that when you use it, it generates a certificate that's only good for one common name. It can't cover www. or any other subdomains; however, Let's Encrypt is capable of creating a cert that covers multiple subdomains in a single command. Please reference: https://letsencrypt.org/getting-started/ . This command will generate a cert for both the main domain and www...
    certbot certonly --webroot -w /home/example/public_html -d example.com -d www.example.com

    or...

    certbot certonly --standalone -d example.com -d www.example.com

  2. #2
    I've found a workaround (For now). Install certbot via yum. Install the Let's Encrypt cert in siteworx for the domain. Then, use certbot to generate a cert for www. or whatever.yourdomain.com. certbot will offer to add the new name to the existing certificate. This will work for now but it has some caveats. I wasn't able to use certbot without being logged into ssh as root (Maybe a chroot limitation). This will cause Let's Encrypt files in the user home dir (Only Let's Encrypt related files) to be owned by root. This can be corrected of course with chown. And of course nobody wants to have to go through any of these steps at all so it would be nice if we could generate more versatile certificates.

    If you do what I've suggested manually, I think you only need to do it like: certbot --webroot -w /home/example/public_html -d example.com -d www.example.com

    It will then ask you if you want to add www to the cert.

    If the siteworx Let's Encrypt generator ever gives you any errors it's probably because you have an .htaccess file that's messing up the domain ownership verification.
    Last edited by Synthetisoft; 06-05-2016 at 10:57 PM.

  3. #3
    Is there a way I can edit a plugin? I know PHP.

    Edit: Found it and the plugin docs.
    Last edited by Synthetisoft; 06-05-2016 at 11:47 PM.

  4. #4
    The Let's Encrypt plugin wasn't coded in accordance with the plugin documentation. The file/directory structure and other conventions were not followed. The plugin only installs Let's Encrypt on the system by cloning a git repo. Since the plugin wasn't created as the documentation instructs, I have no idea how it integrates into Interworx. If someone could however tell me which script is responsible for the creation of a new certificate as well as which script handles the plugin's GUI, I could modify it to enhance its capabilities.

    It was created by a Paul Oehler of Interworx. The data in plugin.ini says 2009. That can't be right. The git repo is cloned to /home/interworx/lib/letsencrypt .
    Last edited by Synthetisoft; 06-05-2016 at 11:59 PM.

  5. #5
    It looks like the GUI part of this plugin may have been hard coded into Interworx. I'd really like to be able to modify it and the script that's invoked to secure a new site.

  6. #6
    Hi synthetisoft

    Wow, more great posts, thanks

    I would advise you contact IW support (support-at-interworx-dot-com) and quote this thread.

    The reason for this is because you may be intruding upon T&Cs of IW and IW are extremely helpful, listen and they're the guys to ask.

    Many thanks

    John

  7. #7
    Hey Synthetisoft,

    The Let's Encrypt plugin is located in the plugins directory. To generate Let's Encrypt certificates at the command line, the interworx-cli rpm is required. Here is an example command:

    Code:
    siteworx -n -u --login_domain iwtest.com -c Ssl --action generateLetsEncrypt --domain iwtest.com --commonName iwtest.com

    Generating a script for multiple domains and subdomains appears to be a new feature for Let's Encrypt. We've created a feature request to implement this functionality in a future release.

    Thanks,

    Nathan

  9. #8
    Quote: Originally Posted by IWorx-Nathan
    Hey Synthetisoft,

    The Let's Encrypt plugin is located in the plugins directory. To generate Let's Encrypt certificates at the command line, the interworx-cli rpm is required. Here is an example command:

    Code:
    siteworx -n -u --login_domain iwtest.com -c Ssl --action generateLetsEncrypt --domain iwtest.com --commonName iwtest.com

    Generating a script for multiple domains and subdomains appears to be a new feature for Let's Encrypt. We've created a feature request to implement this functionality in a future release.

    Thanks,

    Nathan

    I saw the plugin file but all its functionality isn't there (I guess I'll look at it again tomorrow in case I missed something). I have an idea though. It's good that you plan to add that feature but until then, since I at least know which file is being used to generate certs, I should be able to replace certbot with a bash script that will call certbot and cert all the subdomains of an account while we wait for an update. Or at least for www in addition. If I do I'll post the modification in the forum as well as how to revert it once the feature has been implemented.

  10. #9
    Hi synthetisoft

    It would be lovely if you could share, and kudos to you for your work

    Many thanks

    John

  11. #10
    If someone from Interworx will tell me which executable file they invoke and the flags they send, I'll go ahead and make a patch. Otherwise I'd have to replace each of the exes in the letsencrypt directory I think might be responsible for creating an account and log the stdin data. So I'll do that if someone gives me that info and this isn't planned on being fixed within the next few weeks.

    Note: I've just tried replacing certbot with a bash script that logs all stdin but when I tried to secure a site with Let's Encrypt, it didn't use /home/interworx/lib/letsencrypt/certbot . Is there a different file it uses or is it because I've installed Let's Encrypt with apt-get? Does Interworx specify the path to certbot like /home/interworx/lib/letsencrypt/certbot when it invokes it or does it just run "certbot input1 input2" ? Or some other file first?

    Edit: I couldn't simply edit the plugin because the plugin doesn't do anything but install Let's Encrypt. It isn't responsible for securing sites so I have to make a patch script.
    Last edited by Synthetisoft; 06-09-2016 at 10:03 PM.

  12. #11
    Hi synthetisoft

    I would imagine there is no link to certbot, as it was not installed

    I was thinking of a hook using bash until it is incorporated fully by IW perhaps, using cli for LE, then runs your certbot

    I could be wrong though and I would not expect IW to post any time frames for commercial reasons

    If it helps, I reported an issue a few weeks ago, and it is in the latest release candidate after being in beta first

    Many thanks

    John

  13. #12
    Quote: Originally Posted by d2d4j
    Hi synthetisoft

    I would imagine there is no link to certbot, as it was not installed

    I was thinking of a hook using bash until it is incorporated fully by IW perhaps, using cli for LE, then runs your certbot

    I could be wrong though and I would not expect IW to post any time frames for commercial reasons

    If it helps, I reported an issue a few weeks ago, and it is in the latest release candidate after being in beta first

    Many thanks

    John

    certbot is installed by the plugin. It's pulled from GitHub to /home/interworx/lib/letsencrypt/

  14. #13
    Hi synthetisoft

    Many thanks

    Apologies, your second post stated install certbot using yum - but when I tried it, yum could not find it, but if it's GitHub, then it would not. Hence my reasoning that certbot was not installed

    Hopefully IW will incorporate very soon, but only after it's been tested

    Many thanks

    John

  15. #14
    Quote: Originally Posted by d2d4j
    Hi synthetisoft

    Many thanks

    Apologies, your second post stated install certbot using yum - but when I tried it, yum could not find it, but if it's GitHub, then it would not. Hence my reasoning that certbot was not installed

    Hopefully IW will incorporate very soon, but only after it's been tested

    Many thanks

    John

    NP. I think you misread a bit still though. The plugin installs Let's Encrypt on the system using the Let's Encrypt GitHub repo to the path I just previously posted. The code that runs certbot when you use Let's Encrypt in Interworx isn't part of the plugin code. It's hard coded into Interworx. That's why I need to know exactly what's being passed to certbot and which of the certbot exes are being used. There is more than one at that path and I already tried replacing the main certbot with a script to record stdin input then ran it from the panel but it didn't use the main certbot program so I got no IO.

    As for yum, I only mentioned it because before I realized that the git repo was already on my server as a result of the plugin/installer, I used yum to install it (The package is in one of the extended RHEL repos, I forget which one but I have them all installed). So now I have Let's Encrypt installed to the system as well as what Interworx pulls to that other path I posted. That's why I asked if the panel specifies the full path when running it or if it was included in the system path prior to me installing it with yum.

    If those questions were answered, a patch would be easy. I've been sick so I haven't felt like tinkering to figure out which file is executed by the panel's inner code. If it's still not fixed by the time I feel better and have a few extra minutes I'll figure it out myself and make a bash script patch.
    Last edited by Synthetisoft; 06-17-2016 at 05:00 PM.
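
Added example, not part of the thread and not Interworx or certbot code: a shell shim of the kind posts #10 and #14 describe, which records the command-line arguments, the caller's PATH and the path it was invoked as (rather than stdin) before handing off to the real program. Installed on each candidate executable, for instance the git copy under /home/interworx/lib/letsencrypt/ and a yum-installed copy, it shows which one the panel actually runs; `install_shim`, `remove_shim`, the `.real` suffix and the log location are hypothetical names.

```shell
#!/bin/sh
# Added example (not Interworx or certbot code): argument-logging shim.
# install_shim, remove_shim and the ".real" suffix are hypothetical names.

# install_shim TARGET LOGFILE
# Moves TARGET to TARGET.real and leaves a wrapper at TARGET that appends one
# line per invocation to LOGFILE, then execs the real program unchanged.
# Assumes neither path contains a single quote.
install_shim() {
    target=$1
    log=$2
    [ -x "$target" ] || { echo "not executable: $target" >&2; return 1; }
    [ ! -e "$target.real" ] || { echo "shim already present: $target" >&2; return 1; }
    mv "$target" "$target.real" || return 1
    # Unquoted heredoc: $target and $log expand now, \$ is kept for run time.
    cat > "$target" <<EOF
#!/bin/sh
# Logging shim: records who called us and with what, then runs the original.
{
    printf '%s ppid=%s cwd=%s argv0=%s PATH=%s args:' \\
        "\$(date -u +%Y-%m-%dT%H:%M:%SZ)" "\$PPID" "\$PWD" "\$0" "\$PATH"
    for a in "\$@"; do printf ' [%s]' "\$a"; done
    printf '\n'
} 2>/dev/null >> '$log'
exec '$target.real' "\$@"
EOF
    chmod 755 "$target"
}

# remove_shim TARGET
# Puts the original program back in place of the wrapper.
remove_shim() {
    target=$1
    [ -e "$target.real" ] || { echo "no shim at: $target" >&2; return 1; }
    mv -f "$target.real" "$target"
}

# Usage (log path is a constructed example; it must be writable by whatever
# user the panel runs the program as):
#   install_shim /home/interworx/lib/letsencrypt/certbot /tmp/certbot-calls.log
#   ...generate a certificate from the panel, read the log, then:
#   remove_shim /home/interworx/lib/letsencrypt/certbot
```

An empty log after a panel-triggered run means that copy was never executed, which is the situation described in post #14; the `argv0` and `PATH` fields of a non-empty log answer the full-path-versus-system-path question.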

  16. #15
    Hi synthetisoft

    Many thanks, and hope you feel better soon

    If I had to guess, I would think it is more likely to be included in the system path, but it's 50/50 to be correct

    Once again, thanks for your excellent posts, I'm sure they help others

    Many thanks

    John
