Announcement

Collapse
No announcement yet.

LetsEncrypt for Hostname

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • LetsEncrypt for Hostname

    First time using LetsEncrypt so I wanted to check before I did this. I want to create a certificate for my hostname as well as the other services (ftp, pop3, imap, smtp, interworx-ssl, web-server, etc).

    Is just generating a cert using the below command with certbot good enough for this? Going to generate the cert with the hostname and then use the cert/privkey to update all services. I use mail.domain.com instead of hostname.domain.com for mail though, so I assume I'll have to create a separate one for mail, or will the hostname one work for that as well?

    # certbot certonly --standalone -d hostname.domain.com -d mail.domain.com

  • #2
    Hi staxed

    Hope your well

    If you upgrade to release candidate, multi CN is an option

    However, it has only just come out of beta and I reported a bug with it, which Nathan reviewed and found a missing symlink, so will be in beta for a few weeks I guess

    Should work lovely once it released from beta

    Hope that helps

    The single SSL cert should cover all CN you have selected

    Many thanks

    John

    Comment


    • #3
      you reported a bug with the multi CN feature? Does said bug prevent it from working? Would rather a manual option that works right now then waiting a few weeks for it to get fixed :)

      Comment


      • #4
        Hi staxed

        Yes, it stops it from working

        You should be able to run your manual command to generate it, but I have not tried myself

        We use a paid wildcard SSL for our servers

        Many thanks

        John

        Comment


        • #5
          Yeah, I normally use a paid one as well...but wanted to give LetsEncrypt a go just to see how it works out :)

          Comment


          • #6
            hmm...getting an error trying to run command:

            # certbot --webroot -w /home/account/public_html -d domain.com -d www.domain.com -d sub.domain.com -d sub1.domain.com -d sub2.domain.com -d sub3.domain.com -d sub4.domain.com

            ----

            An unexpected error occurred:
            ImportError: version conflict: '/usr/lib64/python2.7/site-packages/psutil/_psutil_linux.so' C extension module was built for another version of psutil (different than 2.2.1)
            Please see the logfile 'certbot.log' for more details.

            -----

            Log File:


            Traceback (most recent call last):
            File "/usr/bin/certbot", line 9, in <module>
            load_entry_point('certbot==0.8.1', 'console_scripts', 'certbot')()
            File "/usr/lib/python2.7/site-packages/certbot/main.py", line 700, in main
            plugins = plugins_disco.PluginsRegistry.find_all()
            File "/usr/lib/python2.7/site-packages/certbot/plugins/disco.py", line 174, in find_all
            plugin_ep = PluginEntryPoint(entry_point)
            File "/usr/lib/python2.7/site-packages/certbot/plugins/disco.py", line 33, in __init__
            self.plugin_cls = entry_point.load()
            File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2229, in load
            return self.resolve()
            File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2235, in resolve
            module = __import__(self.module_name, fromlist=['__name__'], level=0)
            File "/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py", line 19, in <module>
            from certbot.plugins import util
            File "/usr/lib/python2.7/site-packages/certbot/plugins/util.py", line 5, in <module>
            import psutil
            File "/usr/lib64/python2.7/site-packages/psutil/__init__.py", line 181, in <module>
            raise ImportError(msg)
            ImportError: version conflict: '/usr/lib64/python2.7/site-packages/psutil/_psutil_linux.so' C extension module was built for another version of psutil (different than 2.2.1)

            Comment


            • #7
              Has anyone managed to get a LetsEncrypt SSL just for the hostname, FTP, web-server and all that?

              Comment


              • #8
                Hi bertie

                There's another thread started I thought about this

                You should be able to add hostname as a siteworx account and create SSL using generate using LE, then copy and paste into hostname SSL of nodeworx

                You may also be able to run LE manually, if your DNS records are correct and tell it where to save the files, but this method, I have not tried

                Please understand though, LE is not a wildcard SSL and would need renewing every 2 or 3 months. Sorry, I cannot remember the exact time length the LE SSL runs for

                I hope that helps a little

                Many thanks

                John

                Comment

                Working...
                X