Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "acme"
So here I am, skrewing around with the Google Authenticator app and the dodgiest base32 code generator I've ever built and generating a 56 char unique ID, and a 8 digit time based code.
WTF, all these products, services and logins that use 6 digit codes... and this fucking thing can handle 8 without breaking 😑
Now... to hook it into a QR code class... and spit out an image I can actually scan, without calling google charts api.
I can't say I've written one of those before 🙃7
I found out that apache had built-in support ( via a module - mod_md ) for automatic TLS certificate management with Let's Encrypt since October 2017.
Bloody Hell! Why didn't I hear of this sooner?
So, I ran off into my cloud to set up this so-called ManagedDomain ( mod_md ).
Found the module in the package repositories, installed it and started testing it out.
I started writing IfModule conditions under mod_ssl so that I wouldn't have to overwrite my existing TLS configurations ( which was already issued by Let's Encrypt via certbot, by the way ).
After a whole night of twisting and turning with the configurations, it turns out that the module in the package repositories were built for ACMEv1 and that API has been dead for as long as the module has been around.
I had noticed that the module was 'experimental', but I still hoped that they had the packaged the module.
Finally, I cozied back up with certbot. At least, until this so-called mod_md becomes stable and mainstream.
I hope certbot doesn't make a fuss. I'm sure, it got offended that I was trying to cheat it with mod_md.4
So I finally got a rant to tell, about me myself and I. Were working on my web host (personal gladly) and was trying to get ACME working without root access. I messed up and somehow got a folder named “~”, in a directory. I thought “well that folder is unnecessary” and I ran “rm -rf ~”. The moment I pressed “enter”, I realized what could’ve happened, and it did happen. My whole web-root gone. No backups. Just a big facepalm on my forehead ...
Take lesson, fix backups...4
So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol.