Announcement

Collapse
No announcement yet.

Problem In Let's Encrypt Plugin

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • mdeinhardt
    replied
    For anybody else having the same understanding issue as me: You can select multiple subdomains by clicking them in the "Generate all with Let's Encrypt" dialogue (CTRL-click).

    I habe always selected just one domain and thought I was limited to just one by LE, I didn't know I could select more (even tried with 4 now, works perfectly).

    Cheers,

    Michael

    Leave a comment:


  • Synthetisoft
    replied
    These issues are now resolved in the latest RELEASE version of Interworx. One can now select the domain and subdomains they wish to secure.

    Leave a comment:


  • Synthetisoft
    replied
    /facepalm

    I was sure that my method of manually doing it would work but when trying to visit www.mydomain.com I get: NET::ERR_CERT_COMMON_NAME_INVALID

    with the familiar browser warning that the page isn't secure.

    EDIT: NVM. Got it to work! Just had to restart web server. Updating procedure.
    Last edited by Synthetisoft; 07-10-2016, 01:06 PM.

    Leave a comment:


  • d2d4j
    replied
    Hi synthetisoft

    Updates pushed to stable will most likely take around 3 - 6 months I believe

    Lets encrypt will not use wildcard SSL (think everyone had the same thought, I tried it but it does not work)

    Many thanks

    John

    Leave a comment:


  • Synthetisoft
    replied
    Just in case anyone wants the exact procedure to use until this feature is in stable. Here's what you do...

    1) In Siteworx, enable Let's Encrypt for yourdomain.com
    2) Login to your server as root and run the following command: certbot certonly --webroot -w /home/example/public_html -d example.com -d www.example.com
    3) Certbot will say something like "You have an existing certificate, would you like to expand and replace it" to which you choose the option "Expand."
    4) Restart your web server (Apache/Litespeed/etc.).
    5) If you now refresh the SSL page in siteworx you'll now it shows both dns names under "Alternate Domains."

    Notes: Using the -d flag you can add as many subdomains as you want (Maybe even a wildcard as in *. but I haven't tried that yet). Also, you can always run the command again if you left out a subdomain. If you run into any problems after doing this (Such as not being able to use the IW Let's Encrypt plugin) there are some files that certbot creates after you execute this manual procedure. I forget the paths but they're easy to find. Deleting the files associated with the certificate you generated will restore the IW plugin's functionality to normal. Using this method will only affect the Let's Encrypt plugin for the accounts you use it on.

    Encrypt the Planet

    Last edited by Synthetisoft; 07-10-2016, 01:27 PM.

    Leave a comment:


  • Synthetisoft
    replied
    Originally posted by d2d4j View Post
    Hi synthetisoft

    Good news, IW has pushed multi CN out in release candidate 5.1.19, according to change log for beta (which has to be updated for RC)

    Well done IW, there very quick

    Many thanks

    John
    How long does it usually take to get to stable? I'm not in the habit of using betas or RCs on production servers.

    Leave a comment:


  • d2d4j
    replied
    Hi synthetisoft

    Good news, IW has pushed multi CN out in release candidate 5.1.19, according to change log for beta (which has to be updated for RC)

    Well done IW, there very quick

    Many thanks

    John

    Leave a comment:


  • d2d4j
    replied
    Hi synthetisoft

    Many thanks, and hope you feel better soon

    If I had to guess, I would think it is more likely to included in the system path, but it's 50/50 to be correct

    Once again, thanks for your excellent posts, I'm sure they help others

    Many thanks

    John

    Leave a comment:


  • Synthetisoft
    replied
    Originally posted by d2d4j View Post
    Hi synthetisoft

    Many thanks

    Apologies, your second post stated install certbot using yum - but when I tried it, yum could not find it, but if it's GitHub, then it would not. Hence my reasoning that certbot not installed

    Hopefully IW will incorporate very soon, but only after it's been tested

    Many thanks

    John
    NP. I think you misread a bit still though. The plugin installs Let's Encrypt on the system using the Let's Encrypt Github repo to the path I just previously posted. The code that runs certbot when you use Let's Encrypt in Interworx isn't part of the plugin code. It's hard coded into Interworx. That's why I need to know exactly what's being passed to certbot and which of the certbot exes are being used. There are more than one at that path and I already tried replacing the main certbot with a script to record stdin input then ran it from the panel but it didn't use the main certbot program so I got no IO.

    As for yum, I only mentioned it because before I realized that the git repo was already on my server as a result of the plugin/installer, I used yum to install it (The package is in one of the extended RHEL repos, I forget which one but I have them all installed). So now I have Let's Encrypt installed to the system as well as what Interworx pulls to that other path I posted. That's why I asked if the panel specifies the full path when running it or if it was included in the system path prior to me installing it with yum.

    If those questions were answered, a patch would be easy. I've been sick so I haven't felt like tinkering to figure out which file is executed by the panel's inner code. If it's still not fixed by the time I feel better and have a few extra minutes I'll figure it out myself and make a bash script patch.
    Last edited by Synthetisoft; 06-17-2016, 05:00 PM.

    Leave a comment:


  • d2d4j
    replied
    Hi synthetisoft

    Many thanks

    Apologies, your second post stated install certbot using yum - but when I tried it, yum could not find it, but if it's GitHub, then it would not. Hence my reasoning that certbot not installed

    Hopefully IW will incorporate very soon, but only after it's been tested

    Many thanks

    John

    Leave a comment:


  • Synthetisoft
    replied
    Originally posted by d2d4j View Post
    Hi synthetisoft

    I would imagine there is no link to certbot, as it was not installed

    I was thinking of a hook using bash until it is incorporate fully by IW perhaps, using cli for LE, then runs your certbot

    I could be wrong though and I would not expect IW to post any time frames for commercial reasons

    If it helps, I reported an issue a few weeks ago, and it is in the latest release candid after been in beta first

    Many thanks

    John
    certbot is installed by the plugin. It's pulled from github to /home/interworx/lib/letsencrypt/

    Leave a comment:


  • d2d4j
    replied
    Hi synthetisoft

    I would imagine there is no link to certbot, as it was not installed

    I was thinking of a hook using bash until it is incorporate fully by IW perhaps, using cli for LE, then runs your certbot

    I could be wrong though and I would not expect IW to post any time frames for commercial reasons

    If it helps, I reported an issue a few weeks ago, and it is in the latest release candid after been in beta first

    Many thanks

    John

    Leave a comment:


  • Synthetisoft
    replied
    If someone from Interworx will tell me which executable file they invoke and the flags they send, I'll go ahead and make a patch. Otherwise I'd have to replace each of the exes in the letsencrypt directory I think might be responsible for creating an account and log the stdin data. So I'll do that if someone gives me that info and this isn't planned on being fixed within the next few weeks.

    Note: I've just tried replacing certbot with a bash script that logs all stdin but when I tried to secure a site with lets encrypt, it didn't use /home/interworx/lib/letsencrypt/certbot . Is there a different file it uses or is it because I've installed lets encrypt with apt-get? Does Interworx specify the path to certbot like /home/interworx/lib/letsencrypt/certbot when it invokes it or does it just run "certbot input1 input2" ? Or some other file first?

    Edit: I couldn't simply edit the plugin because the plugin doesn't do anything but install Let's Encrypt. It isn't responsible for securing sites so I have to make a patch script.
    Last edited by Synthetisoft; 06-09-2016, 10:03 PM.

    Leave a comment:


  • d2d4j
    replied
    Hi synthetisoft

    It would be lovely if you could share, and kudos to you for your work

    Many thanks

    John

    Leave a comment:


  • Synthetisoft
    replied
    Originally posted by IWorx-Nathan View Post
    Hey Synthetisoft,

    The Let's Encrypt plugin is located in the plugins directory. To generate Let's Encrypt certificates ate the command line the interworx-cli rpm is required. Here is an example command:

    Code:
    siteworx -n -u --login_domain iwtest.com -c Ssl --action generateLetsEncrypt --domain iwtest.com --commonName iwtest.com
    Generating a script for multiple domains and subdomains appears to be a new feature for Let's Encrypt. We've created a feature request to implement this functionality in a future release.

    Thanks,

    Nathan
    I saw the plugin file but all its functionality isn't there (I guess I'll look at it again tomorrow in case I missed something). I have an idea though. It's good that you plan to add that feature but until then, since I at least know which file is being used to generate certs, I should be able to replace certbot with a bash script that will call certbot and cert all the subdomains of an account while we wait for an update. Or at least for www in addition. If I do I'll post the modification in the forum as well as how to revert it once the feature has been implemented.

    Leave a comment:

Working...
X