The Let’s Encrypt plugin would be great except that when you use it, it generates a certificate that’s only good for one common name. It can’t cover www. or any other subdomains; however, Let’s Encrypt is capable of creating a cert that covers multiple subdomains in a single command. Please reference: https://letsencrypt.org/getting-started/ . This command will generate a cert for both the main domain and www…
certbot certonly --webroot -w /home/example/public_html -d example.com -d www.example.com
I’ve found a workaround (For now). Install certbot via yum. Install the Let’s Encrypt cert in siteworx for the domain. Then, use certbot to generate a cert for www. or whatever.yourdomain.com. certbot will offer to add the new name to the existing certificate. This will work for now but it has some caveats. I wasn’t able to use certbot without being logged into ssh as root (Maybe a chroot limitation). This will cause Let’s Encrypt files in the user home dir (Only Let’s Encrypt related files) to be owned by root. This can be corrected of course with chown. And of course nobody wants to have to go through any of these steps at all so it would be nice if we could generate more versatile certificates.
If you do what I’ve suggested manually, I think you only need to do it like: certbot --webroot -w /home/example/public_html -d example.com -d www.example.com
It will then ask you if you want to add www to the cert.
If the siteworx Let’s Encrypt generator ever gives you any errors it’s probably because you have an .htaccess file that’s messing up the domain ownership verification.
The Let’s Encrypt plugin wasn’t coded in accordance to the plugin documentation. The file/directory structure and other conventions were not followed. The plugin only installs Let’s Encrypt on the system by cloning a git repo. Since the plugin wasn’t created as the documentation instructs, I have no idea how it integrates into Interworx. If someone could however tell me which script is responsible for the creation of a new certificate as well as which script handles the plugin’s GUI, I could modify it to enhance its capabilities.
It was created by a Paul Oehler of Interworx. The data in plugin.ini says 2009. That can’t be right. The git repo is cloned to /home/interworx/lib/letsencrypt .
It looks like the GUI part of this plugin may have been hard coded into Interworx. I’d really like to be able to modify it and the script that’s invoked to secure a new site.
The Let’s Encrypt plugin is located in the plugins directory. To generate Let’s Encrypt certificates at the command line the interworx-cli rpm is required. Here is an example command:
Generating a script for multiple domains and subdomains appears to be a new feature for Let’s Encrypt. We’ve created a feature request to implement this functionality in a future release.
Thanks,
Nathan
I saw the plugin file but all its functionality isn’t there (I guess I’ll look at it again tomorrow in case I missed something). I have an idea though. It’s good that you plan to add that feature but until then, since I at least know which file is being used to generate certs, I should be able to replace certbot with a bash script that will call certbot and cert all the subdomains of an account while we wait for an update. Or at least for www in addition. If I do I’ll post the modification in the forum as well as how to revert it once the feature has been implemented.
If someone from Interworx will tell me which executable file they invoke and the flags they send, I’ll go ahead and make a patch. Otherwise I’d have to replace each of the exes in the letsencrypt directory I think might be responsible for creating an account and log the stdin data. So I’ll do that if someone gives me that info and this isn’t planned on being fixed within the next few weeks.
Note: I’ve just tried replacing certbot with a bash script that logs all stdin but when I tried to secure a site with Let’s Encrypt, it didn’t use /home/interworx/lib/letsencrypt/certbot . Is there a different file it uses or is it because I’ve installed Let’s Encrypt with apt-get? Does Interworx specify the path to certbot like /home/interworx/lib/letsencrypt/certbot when it invokes it or does it just run “certbot input1 input2” ? Or some other file first?
Edit: I couldn’t simply edit the plugin because the plugin doesn’t do anything but install Let’s Encrypt. It isn’t responsible for securing sites so I have to make a patch script.
Apologies, your second post stated install certbot using yum - but when I tried it, yum could not find it, but if it’s GitHub, then it would not. Hence my reasoning that certbot was not installed.
Hopefully IW will incorporate very soon, but only after it’s been tested
Many thanks
John
NP. I think you misread a bit still though. The plugin installs Let’s Encrypt on the system using the Let’s Encrypt GitHub repo to the path I just previously posted. The code that runs certbot when you use Let’s Encrypt in Interworx isn’t part of the plugin code. It’s hard coded into Interworx. That’s why I need to know exactly what’s being passed to certbot and which of the certbot exes are being used. There is more than one at that path and I already tried replacing the main certbot with a script to record stdin input then ran it from the panel but it didn’t use the main certbot program so I got no IO.
As for yum, I only mentioned it because before I realized that the git repo was already on my server as a result of the plugin/installer, I used yum to install it (The package is in one of the extended RHEL repos, I forget which one but I have them all installed). So now I have Let’s Encrypt installed to the system as well as what Interworx pulls to that other path I posted. That’s why I asked if the panel specifies the full path when running it or if it was included in the system path prior to me installing it with yum.
If those questions were answered, a patch would be easy. I’ve been sick so I haven’t felt like tinkering to figure out which file is executed by the panel’s inner code. If it’s still not fixed by the time I feel better and have a few extra minutes I’ll figure it out myself and make a bash script patch.
Just in case anyone wants the exact procedure to use until this feature is in stable. Here’s what you do…
1) In Siteworx, enable Let’s Encrypt for yourdomain.com
2) Log in to your server as root and run the following command: certbot certonly --webroot -w /home/example/public_html -d example.com -d www.example.com
3) Certbot will say something like “You have an existing certificate, would you like to expand and replace it” to which you choose the option “Expand.”
4) Restart your web server (Apache/Litespeed/etc.).
5) If you now refresh the SSL page in siteworx, you’ll see that it now shows both dns names under “Alternate Domains.”
Notes: Using the -d flag you can add as many subdomains as you want (Maybe even a wildcard as in *. but I haven’t tried that yet). Also, you can always run the command again if you left out a subdomain. If you run into any problems after doing this (Such as not being able to use the IW Let’s Encrypt plugin) there are some files that certbot creates after you execute this manual procedure. I forget the paths but they’re easy to find. Deleting the files associated with the certificate you generated will restore the IW plugin’s functionality to normal. Using this method will only affect the Let’s Encrypt plugin for the accounts you use it on.
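A pre-flight and post-issuance check for the manual procedure above, as an added example that is not part of any poster's message or of InterWorx: it validates the names before they reach certbot and confirms that the certificate's Subject Alternative Names cover every name requested. The function names are hypothetical; the domain and webroot are the thread's placeholders.

```sh
#!/bin/sh
# Added example, not from the thread. Domain and webroot are the thread's placeholders.

# valid_http01_name NAME: status 0 if NAME is a plain hostname usable with --webroot.
valid_http01_name() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;      # catches "example/com"; also "*": wildcard
                                              # certs need DNS-01, which --webroot cannot do
        .*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;  # empty or hyphen-edged labels
        *.*) return 0 ;;
        *) return 1 ;;                        # single label, not a public name
    esac
}

# certbot_cmd WEBROOT NAME...: print the command for review; fail on the first bad name.
# --expand is certbot's flag for answering the "Expand" prompt non-interactively.
certbot_cmd() {
    webroot=$1; shift
    [ "$#" -gt 0 ] || { echo "no names given" >&2; return 2; }
    cmd="certbot certonly --webroot -w $webroot --expand"
    for name in "$@"; do
        valid_http01_name "$name" || { echo "bad name: $name" >&2; return 1; }
        cmd="$cmd -d $name"
    done
    printf '%s\n' "$cmd"
}

# missing_sans SAN_TEXT NAME...: print each NAME not among the DNS entries in SAN_TEXT
# (the output of `openssl x509 -noout -ext subjectAltName`); status 1 if any is missing.
missing_sans() {
    sans=$(printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p')
    shift; rc=0
    for name in "$@"; do
        printf '%s\n' "$sans" | grep -qxF -- "$name" || { printf '%s\n' "$name"; rc=1; }
    done
    return "$rc"
}

# check_cert CERT_PEM NAME...: same check against a certificate file on disk.
check_cert() {
    pem=$1; shift
    missing_sans "$(openssl x509 -in "$pem" -noout -ext subjectAltName)" "$@"
}

# Constructed SAN text for a cert issued for one name only, as the panel plugin does.
SAMPLE='X509v3 Subject Alternative Name:
    DNS:example.com'
certbot_cmd /home/example/public_html example.com www.example.com
missing_sans "$SAMPLE" example.com www.example.com || echo "^ not covered by the cert"
```

On a server, point check_cert at the issued certificate; certbot's default location is /etc/letsencrypt/live/<name>/cert.pem, which is an assumption here because the thread does not give the path. The `-ext` option needs OpenSSL 1.1.1 or later.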