Announcement

Collapse
No announcement yet.

LetsEncrypt for Hostname

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Staxed
    started a topic LetsEncrypt for Hostname

    LetsEncrypt for Hostname

    First time using LetsEncrypt so I wanted to check before I did this. I want to create a certificate for my hostname as well as the other services (ftp, pop3, imap, smtp, interworx-ssl, web-server, etc).

    Is just generating a cert using the below command with certbot good enough for this? Going to generate the cert with the hostname and then use the cert/privkey to update all services. I use mail.domain.com instead of hostname.domain.com for mail though, so I assume I'll have to create a separate one for mail, or will the hostname one work for that as well?

    # certbot certonly --standalone -d hostname.domain.com -d mail.domain.com

  • d2d4j
    replied
    Hi bertie

    There's another thread started I thought about this

    You should be able to add hostname as a siteworx account and create SSL using generate using LE, then copy and paste into hostname SSL of nodeworx

    You may also be able to run LE manually, if your DNS records are correct and tell it where to save the files, but this method, I have not tried

    Please understand though, LE is not a wildcard SSL and would need renewing every 2 or 3 months. Sorry, I cannot remember the exact time length the LE SSL runs for

    I hope that helps a little

    Many thanks

    John

    Leave a comment:


  • Bertie
    replied
    Has anyone managed to get a LetsEncrypt SSL just for the hostname, FTP, web-server and all that?

    Leave a comment:


  • Staxed
    replied
    hmm...getting an error trying to run command:

    # certbot --webroot -w /home/account/public_html -d domain.com -d www.domain.com -d sub.domain.com -d sub1.domain.com -d sub2.domain.com -d sub3.domain.com -d sub4.domain.com

    ----

    An unexpected error occurred:
    ImportError: version conflict: '/usr/lib64/python2.7/site-packages/psutil/_psutil_linux.so' C extension module was built for another version of psutil (different than 2.2.1)
    Please see the logfile 'certbot.log' for more details.

    -----

    Log File:


    Traceback (most recent call last):
    File "/usr/bin/certbot", line 9, in <module>
    load_entry_point('certbot==0.8.1', 'console_scripts', 'certbot')()
    File "/usr/lib/python2.7/site-packages/certbot/main.py", line 700, in main
    plugins = plugins_disco.PluginsRegistry.find_all()
    File "/usr/lib/python2.7/site-packages/certbot/plugins/disco.py", line 174, in find_all
    plugin_ep = PluginEntryPoint(entry_point)
    File "/usr/lib/python2.7/site-packages/certbot/plugins/disco.py", line 33, in __init__
    self.plugin_cls = entry_point.load()
    File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2229, in load
    return self.resolve()
    File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2235, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
    File "/usr/lib/python2.7/site-packages/certbot/plugins/standalone.py", line 19, in <module>
    from certbot.plugins import util
    File "/usr/lib/python2.7/site-packages/certbot/plugins/util.py", line 5, in <module>
    import psutil
    File "/usr/lib64/python2.7/site-packages/psutil/__init__.py", line 181, in <module>
    raise ImportError(msg)
    ImportError: version conflict: '/usr/lib64/python2.7/site-packages/psutil/_psutil_linux.so' C extension module was built for another version of psutil (different than 2.2.1)

    Leave a comment:


  • Staxed
    replied
    Yeah, I normally use a paid one as well...but wanted to give LetsEncrypt a go just to see how it works out :)

    Leave a comment:


  • d2d4j
    replied
    Hi staxed

    Yes, it stops it from working

    You should be able to run your manual command to generate it, but I have not tried myself

    We use a paid wildcard SSL for our servers

    Many thanks

    John

    Leave a comment:


  • Staxed
    replied
    you reported a bug with the multi CN feature? Does said bug prevent it from working? Would rather a manual option that works right now then waiting a few weeks for it to get fixed :)

    Leave a comment:


  • d2d4j
    replied
    Hi staxed

    Hope your well

    If you upgrade to release candidate, multi CN is an option

    However, it has only just come out of beta and I reported a bug with it, which Nathan reviewed and found a missing symlink, so will be in beta for a few weeks I guess

    Should work lovely once it released from beta

    Hope that helps

    The single SSL cert should cover all CN you have selected

    Many thanks

    John

    Leave a comment:

Working...
X