Letsencrypt Install
Hi there
So I seem to be having issues installing Letsencrypt. Going to slackbuilds and then doing all the dependencies has got me lost and overwhelmed. Not sure if there was a more simple way to do it. On my other machine I used to run 'certbot certonly --standalone -d mail.org' and it would make it... But I do not recall how I installed it then. It was an Ubuntu machine. I just seem to be having major issues. |
There is an official package in Slackware series "n" called "dehydrated" (Let's Encrypt / ACME setup script).
https://letsencrypt.org/docs/challenge-types/ https://github.com/dehydrated-io/dehydrated Quote:
|
I do not know if this is going to be helpful because, if I understand correctly what dehydrated does, you are running your own DNS server...
Anyway, since my DNS provider does not provide a DNS API I went with agnos: https://github.com/krtab/agnos Very easy to set up, and reliable. It comes with precompiled binaries too. Hope this helps. |
Obviously agnos is meant for dns-01 challenges only, and allows wildcard certificates...
|
Quote:
Code:
sqg -p letsencrypt |
I'd second trying to use 'dehydrated'. It was added to Slackware as a stock package during 15.0's development cycle (Jan 5, 2021, according to my changelog copy). With dehydrated you can set everything up for an https apache webserver using letsencrypt, without adding extra packages.
"AlienBob" wrote up an article on how to use dehydrated back in 2019 here: https://alien.slackbook.org/blog/usi...er-with-https/ The only difference now afaik is that dehydrated is included in Slackware 15.0 or later so ignore package installation steps. I followed those instructions last year and managed to set up a few https webservers with letsencrypt without too much hassle. Just make sure you have everything set up and working perfectly using letsencrypt's staging server first because you'll get blocked (temporarily) if you f* it up too many times on the production server. (don't ask how I know ;-) |
If you have a registered domain, then the http-01 challenge is the easiest.
I have a dynamic DNS address with freedns.afraid.org, that required some shenanigans to complete the dns-01 challenge. I used dehydrated with dnsmasq for this. I still need to conduct certificate updates manually. My need is not great. I only use it for accessing CalDAV from my iPhone. |
Hi all
I apologize I have not responded back, been having health issues blah blah blah. I appreciate all of the well rounded feedback and definitely have some reading to do, but I wanted to mention this before so… I was wanting to do letsencrypt for my Email Server certificate. No website, currently. Would the feedback I’ve received work also for this? Or just web servers? |
It also works for mail, you just have to replace the self-signed certificate.
|
Quote:
Last year I wrote a howto here https://notes.sagredo.eu/en/qmail-no...rvers-233.html, inspired by Eric's article, which shows how to do it with qmail and dovecot. |
I remember compiling LetsEncrypt from SBo years ago and wading through the dependencies, but lately I've just been using the acme.sh script (also packaged in .t?z on SBo). Might be worth a shot, although all I'm doing is basic https key issue/renewal for websites and am not too familiar with sendmail/dovecot/postfix/all that.
My quick n' dirty if you use Apache:
Code:
mkdir /etc/httpd/ssl
2. domains you want keys for
3. acme.sh defaults to zerossl, so this overrides to use LetsEncrypt
4. cert file location
5. key file location
6. fullchain file location
7. command to run after key renewal (httpd needs to restart to reprocess keys, I guess)
The parameters passed to this '--issue' command get stored by acme at a path similar to:
Code:
~/.acme.sh/example.com_ecc/example.com.conf
Code:
LoadModule socache_shmcb_module lib64/httpd/modules/mod_socache_shmcb.so
Last line becomes apparent in the next step. Now go into /etc/httpd/extra/httpd-ssl.conf and change these values:
Code:
SSLCertificateFile "/etc/httpd/ssl/cert.pem"
Now restart httpd and give it a shot! Hopefully I didn't botch the commands. Also recommend running the following to add a cron job to keep the keys fresh.
Code:
acme.sh --install-cronjob |
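Added example (not part of the original post, and not acme.sh's own code): a small shell check over the per-domain conf file mentioned above. It reports whether the certificate was issued by Let's Encrypt staging or production, in line with the staging-first advice earlier in the thread, and whether install paths and a reload command were recorded. The Le_* key names and the sample file contents are assumptions; compare them with your own conf file.

```shell
#!/bin/sh
# Added example: inspect an acme.sh per-domain conf file without sourcing it.
# Key names (Le_API, Le_RealCertPath, ...) are assumed; verify against your own file.
LE_PROD='https://acme-v02.api.letsencrypt.org/directory'
LE_STAGING='https://acme-staging-v02.api.letsencrypt.org/directory'

# conf_get FILE KEY -> prints the value of the first KEY='value' line, quotes stripped
conf_get() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | sed "s/^['\"]//; s/['\"]\$//"
}

# acme_ca_kind FILE -> production | staging | other | unset
acme_ca_kind() {
    api=$(conf_get "$1" Le_API)
    case "$api" in
        "$LE_PROD")    echo production ;;
        "$LE_STAGING") echo staging ;;
        "")            echo unset ;;
        *)             echo other ;;
    esac
}

# acme_conf_check FILE -> prints findings; returns 0 only if nothing was flagged
acme_conf_check() {
    rc=0
    kind=$(acme_ca_kind "$1")
    [ "$kind" = production ] || { echo "CA is '$kind', not Let's Encrypt production"; rc=1; }
    for key in Le_RealCertPath Le_RealKeyPath Le_RealFullChainPath Le_ReloadCmd; do
        [ -n "$(conf_get "$1" "$key")" ] || { echo "$key is empty"; rc=1; }
    done
    return $rc
}

# Constructed sample (not from a real host): staging-issued, no reload command set.
sample_conf() {
    cat <<'EOF'
Le_Domain='example.com'
Le_API='https://acme-staging-v02.api.letsencrypt.org/directory'
Le_RealCertPath='/etc/httpd/ssl/cert.pem'
Le_RealKeyPath='/etc/httpd/ssl/key.pem'
Le_RealFullChainPath='/etc/httpd/ssl/fullchain.pem'
Le_ReloadCmd=''
EOF
}

tmp=$(mktemp); sample_conf > "$tmp"
acme_conf_check "$tmp" || echo "=> not ready for production"
rm -f "$tmp"
```

A certificate from the staging CA is not trusted by browsers or mail clients, so a "staging" result means the issue step still has to be repeated against production before the cert goes live.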