Problem In Let's Encrypt Plugin

  • Problem In Let's Encrypt Plugin

    The Let's Encrypt plugin would be great except that when you use it, it generates a certificate that's only good for one common name. It can't cover www. or any other subdomains; however, Let's Encrypt is capable of creating a cert that covers multiple subdomains in a single command. Please reference: https://letsencrypt.org/getting-started/ . This command will generate a cert for both the main domain and www...
    certbot certonly --webroot -w /home/example/public_html -d example.com -d www.example.com

    or...

    certbot certonly --standalone -d example.com -d www.example.com

  • #2
    I've found a workaround (For now). Install certbot via yum. Install the Let's Encrypt cert in siteworx for the domain. Then, use certbot to generate a cert for www. or whatever.yourdomain.com. certbot will offer to add the new name to the existing certificate. This will work for now but it has some caveats. I wasn't able to use certbot without being logged into ssh as root (Maybe a chroot limitation). This will cause Let's Encrypt files in the user home dir (Only Let's Encrypt related files) to be owned by root. This can be corrected of course with chown. And of course nobody wants to have to go through any of these steps at all so it would be nice if we could generate more versatile certificates.

    If you do what I've suggested manually, I think you only need to do it like: certbot --webroot -w /home/example/public_html -d example.com -d www.example.com

    It will then ask you if you want to add www to the cert.

    If the siteworx Let's Encrypt generator ever gives you any errors it's probably because you have an .htaccess file that's messing up the domain ownership verification.
    Last edited by Synthetisoft; 06-05-2016, 10:57 PM.

    • #3
      Is there a way I can edit a plugin? I know PHP.

      Edit: Found it and the plugin docs.
      Last edited by Synthetisoft; 06-05-2016, 11:47 PM.

      • #4
        The Let's Encrypt plugin wasn't coded in accordance with the plugin documentation. The file/directory structure and other conventions were not followed. The plugin only installs Let's Encrypt on the system by cloning a git repo. Since the plugin wasn't created as the documentation instructs, I have no idea how it integrates into Interworx. If someone could however tell me which script is responsible for the creation of a new certificate as well as which script handles the plugin's GUI, I could modify it to enhance its capabilities.

        It was created by a Paul Oehler of Interworx. The data in plugin.ini says 2009. That can't be right. The git repo is cloned to /home/interworx/lib/letsencrypt .
        Last edited by Synthetisoft; 06-05-2016, 11:59 PM.

        • #5
          It looks like the GUI part of this plugin may have been hard coded into Interworx. I'd really like to be able to modify it and the script that's invoked to secure a new site.

          • #6
            Hi synthetisoft

            Wow, more great posts, thanks

            I would advise you contact IW support (support-at-interworx-dot-com) and quote this thread.

            The reason for this is because you may be intruding upon the T&Cs of IW, and IW are extremely helpful, listen, and they're the guys to ask.

            Many thanks

            John

            • #7
              Hey Synthetisoft,

              The Let's Encrypt plugin is located in the plugins directory. To generate Let's Encrypt certificates at the command line, the interworx-cli rpm is required. Here is an example command:

              Code:
              siteworx -n -u --login_domain iwtest.com -c Ssl --action generateLetsEncrypt --domain iwtest.com --commonName iwtest.com

              Generating a script for multiple domains and subdomains appears to be a new feature for Let's Encrypt. We've created a feature request to implement this functionality in a future release.

              Thanks,

              Nathan

              • #8
                Originally posted by IWorx-Nathan:
                Hey Synthetisoft,

                The Let's Encrypt plugin is located in the plugins directory. To generate Let's Encrypt certificates at the command line, the interworx-cli rpm is required. Here is an example command:

                Code:
                siteworx -n -u --login_domain iwtest.com -c Ssl --action generateLetsEncrypt --domain iwtest.com --commonName iwtest.com

                Generating a script for multiple domains and subdomains appears to be a new feature for Let's Encrypt. We've created a feature request to implement this functionality in a future release.

                Thanks,

                Nathan

                I saw the plugin file but all its functionality isn't there (I guess I'll look at it again tomorrow in case I missed something). I have an idea though. It's good that you plan to add that feature but until then, since I at least know which file is being used to generate certs, I should be able to replace certbot with a bash script that will call certbot and cert all the subdomains of an account while we wait for an update. Or at least for www in addition. If I do I'll post the modification in the forum as well as how to revert it once the feature has been implemented.

                • #9
                  Hi synthetisoft

                  It would be lovely if you could share, and kudos to you for your work

                  Many thanks

                  John

                  • #10
                    If someone from Interworx will tell me which executable file they invoke and the flags they send, I'll go ahead and make a patch. Otherwise I'd have to replace each of the exes in the letsencrypt directory I think might be responsible for creating an account and log the stdin data. So I'll do that if someone gives me that info and this isn't planned on being fixed within the next few weeks.

                    Note: I've just tried replacing certbot with a bash script that logs all stdin but when I tried to secure a site with Let's Encrypt, it didn't use /home/interworx/lib/letsencrypt/certbot . Is there a different file it uses or is it because I've installed Let's Encrypt with apt-get? Does Interworx specify the path to certbot like /home/interworx/lib/letsencrypt/certbot when it invokes it or does it just run "certbot input1 input2" ? Or some other file first?

                    Edit: I couldn't simply edit the plugin because the plugin doesn't do anything but install Let's Encrypt. It isn't responsible for securing sites so I have to make a patch script.
                    Last edited by Synthetisoft; 06-09-2016, 10:03 PM.

                    • #11
                      Hi synthetisoft

                      I would imagine there is no link to certbot, as it was not installed

                      I was thinking of a hook using bash until it is incorporated fully by IW perhaps, using cli for LE, then runs your certbot

                      I could be wrong though and I would not expect IW to post any time frames for commercial reasons

                      If it helps, I reported an issue a few weeks ago, and it is in the latest release candidate after being in beta first

                      Many thanks

                      John

                      • #12
                        Originally posted by d2d4j:
                        Hi synthetisoft

                        I would imagine there is no link to certbot, as it was not installed

                        I was thinking of a hook using bash until it is incorporated fully by IW perhaps, using cli for LE, then runs your certbot

                        I could be wrong though and I would not expect IW to post any time frames for commercial reasons

                        If it helps, I reported an issue a few weeks ago, and it is in the latest release candidate after being in beta first

                        Many thanks

                        John

                        certbot is installed by the plugin. It's pulled from GitHub to /home/interworx/lib/letsencrypt/

                        • #13
                          Hi synthetisoft

                          Many thanks

                          Apologies, your second post stated install certbot using yum - but when I tried it, yum could not find it, but if it's GitHub, then it would not. Hence my reasoning that certbot was not installed

                          Hopefully IW will incorporate very soon, but only after it's been tested

                          Many thanks

                          John

                          • #14
                            Originally posted by d2d4j:
                            Hi synthetisoft

                            Many thanks

                            Apologies, your second post stated install certbot using yum - but when I tried it, yum could not find it, but if it's GitHub, then it would not. Hence my reasoning that certbot was not installed

                            Hopefully IW will incorporate very soon, but only after it's been tested

                            Many thanks

                            John

                            NP. I think you misread a bit still though. The plugin installs Let's Encrypt on the system using the Let's Encrypt GitHub repo to the path I just previously posted. The code that runs certbot when you use Let's Encrypt in Interworx isn't part of the plugin code. It's hard coded into Interworx. That's why I need to know exactly what's being passed to certbot and which of the certbot exes are being used. There is more than one at that path and I already tried replacing the main certbot with a script to record stdin input then ran it from the panel but it didn't use the main certbot program so I got no IO.

                            As for yum, I only mentioned it because before I realized that the git repo was already on my server as a result of the plugin/installer, I used yum to install it (The package is in one of the extended RHEL repos, I forget which one but I have them all installed). So now I have Let's Encrypt installed to the system as well as what Interworx pulls to that other path I posted. That's why I asked if the panel specifies the full path when running it or if it was included in the system path prior to me installing it with yum.

                            If those questions were answered, a patch would be easy. I've been sick so I haven't felt like tinkering to figure out which file is executed by the panel's inner code. If it's still not fixed by the time I feel better and have a few extra minutes I'll figure it out myself and make a bash script patch.
                            Last edited by Synthetisoft; 06-17-2016, 05:00 PM.
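
Posts #10 and #14 ask which executable the panel runs and what it passes to it. As an added example (not from the thread, InterWorx or certbot), this shell function generates a wrapper that records each call's arguments, PATH, working directory and UID, then hands over to the real binary; the function name and every path passed to it are hypothetical.

```shell
#!/bin/sh
# Added example, not InterWorx or certbot code. Builds a logging shim so you
# can see exactly how another program invokes a command-line tool.

# make_shim REAL LOG SHIM
#   REAL  original executable, already moved aside (hypothetical path)
#   LOG   file that receives one record per invocation
#   SHIM  where the wrapper is written (the original's old location)
make_shim() {
    real=$1 log=$2 shim=$3
    # The paths are embedded in single quotes below, so refuse any that
    # contain one instead of generating a broken wrapper.
    case "$real$log" in *\'*) return 1 ;; esac
    # Owner-only log: arguments can carry account names or e-mail addresses.
    ( umask 077; : >>"$log" ) || return 1
    cat >"$shim" <<EOF
#!/bin/sh
# Generated by make_shim: record the call, then hand over to the real tool.
{
    printf '%s uid=%s cwd=%s\n' "\$(date -u +%Y-%m-%dT%H:%M:%SZ)" "\$(id -u)" "\$PWD"
    printf '  argv0=%s\n' "\$0"
    printf '  PATH=%s\n' "\$PATH"
    for a in "\$@"; do printf '  arg=[%s]\n' "\$a"; done
} >>'$log'
# exec keeps stdin, stdout, stderr and the exit status of the real tool.
exec '$real' "\$@"
EOF
    chmod 755 "$shim"
}
```

If the caller runs as a different user from the one that created the log, the append fails with a message on stderr and the real tool still runs, so create the log as the calling user. Remove the shim and restore the original binary once the invocation has been captured.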

                            • #15
                              Hi synthetisoft

                              Many thanks, and hope you feel better soon

                              If I had to guess, I would think it is more likely to be included in the system path, but it's 50/50 to be correct

                              Once again, thanks for your excellent posts, I'm sure they help others

                              Many thanks

                              John
