Search - "certbot"
Happened a few weeks ago but still awesome.
Me and a good friend have a website together but we don't monitor it too much.
He studied with me in the same class but went towards frontend/apps where I chose backend/servers/security. He knows how to do basic Linux stuff but that's about it.
We were at a party when he noticed that our site was offline. He walked over to me (because I manage the server) to notify me so I could look into it. I said I'd look into it (phone):
*visits site: nothing*
*online dig tool: got the server ip*
*remembered this one didn't have pubkey authentication - after three password attempts I'm in*
"service apache2 status"
*service doesn't exist*
*right, migrated this one from Apache to nginx....*
*ah, an nginx restart probably suffices...*
"service nginx restart"
BAM, site is reachable again.
*god damnit, Let's Encrypt cert expired...*
*sees command with certbot and our domain both in one*
*20 seconds later: success message*
*service nginx reload*
BAM, site works securely again.
"Yo mate, check the site again"
Mate: 😶 w-w-what? *checks site and his watch* you started less than two minutes ago...?
Mate: 😶 now this is why YOU manage our server and I don't 😐
His face was fucking gold. It wasn't that difficult for me (I do this daily) but to him, I was a God at that moment.
Awesome moment 😊
Ah certbot you sexy pain in the ass.
# certbot renew
> "Error: unable to parse files ..."
> 2 certificates renewed.
🤔 I don't know how you worked, but you keep working!!
Finally stopped procrastinating and set up my personal site with HTTPS!
Why didn't I do this ages ago?
could never figure out how to configure ssl because of Google Cloud's insanely complicated documentation.
today i found a DigitalOcean guide that explains it's a simple installation of certbot, run it once and set it to auto renew....
fuck you google
Did anyone else notice how setting up a letsencrypt.org certificate for a domain became a lot easier as this year went on? Certbot + automatic renewal was set up in four commands on my RasPi, I remember it being more difficult to set everything up 🤔
Set up an Ubuntu AWS ec2 instance running nodejs reverse proxied by nginx, kept running by pm2 and SSL provisioned by certbot.
I know that sounds like nothing but buzzwords but it really felt awesome to get a little node app stack sorted out!
What makes free ssl "Unsuitable for e-commerce websites", Please read to end to see my view point.
Free Certificates are domain validation only which means they don't certify the identity of the website owner, they simply ensure a secure connection. Customers can't be sure of the integrity and trustworthiness of the website owner. If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer. It's important your customers trust your business is safe enough to hand over these details. To gain this trust, you need a certification of your authenticity, which you can only get with a (paid) Business Validation or Extended Validation SSL Certificates.
* "To gain this trust, you need a certification of your authenticity"
~ But isn't that just Domain Verification and other Extras, What justifies somebody or business's authenticity? Tax Id, Valid Address, Nobody is going to study the ssl cert to make sure that amazon.com is a valid business and has a tax Id.
* "domain validation only which means they don't certify the identity of the website owner,"
~ Wouldn't this just be the domain validation test that is required when using services like LetsEncrypt using Certbot etc, or are we referencing back to this idea that they look for a Valid Tax Id sort of thing?
* "If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer"
~ Why is the paid version going to do double encryption, is the CA going to run a monitoring tool to scan for intrusions like an IDS or IPS? (disregard the use of DNS Validation being in the picture)
Am I missing something, this just seems like well crafted text to get people to buy a cert, I could understand if the encryption was handled differently, Maybe if they checked the site for HSTS or HTTPS Redirect or even, They blocked wildcard SSL before and now with the paid its included, but overall it doesn't sound like anything special. Now I'm not just picking on namecheap because domain.com does the same.
I don't fucking understand why certbot never seems to renew my domains. I try every time I get one of them annoying emails but still fail.
Currently trying while watching the webroot and apache logs. Nothing fucking happens. Does anyone have experience with these problems?
I found out that apache had built-in support ( via a module - mod_md ) for automatic TLS certificate management with Let's Encrypt since October 2017.
Bloody Hell! Why didn't I hear of this sooner?
So, I ran off into my cloud to set up this so-called ManagedDomain ( mod_md ).
Found the module in the package repositories, installed it and started testing it out.
I started writing IfModule conditions under mod_ssl so that I wouldn't have to overwrite my existing TLS configurations ( which was already issued by Let's Encrypt via certbot, by the way ).
After a whole night of twisting and turning with the configurations, it turns out that the module in the package repositories was built for ACMEv1 and that API has been dead for as long as the module has been around.
I had noticed that the module was 'experimental', but I still hoped that they had packaged the module.
Finally, I cozied back up with certbot. At least, until this so-called mod_md becomes stable and mainstream.
I hope certbot doesn't make a fuss. I'm sure, it got offended that I was trying to cheat it with mod_md.
Does anyone know how to use certbot on a Debian stretch azure web service app to generate an SSL cert?
I've got the cert generated and Apache to serve it but it's giving me errors.
I need to bind it in azure somehow but I can't figure out how to export the cert.
I don't know why this is so difficult for me but getting ssl for my site is very annoying. I've been building this one site that I need ssl for but I just can't get Let's Encrypt or certbot to work.
I'm asking for help because I've looked through a lot of articles and stackoverflow posts but nothing seems to work for me.
I'm sorry I know this isn't some stackoverflow alternative but I'm getting kinda desperate here.
I made the site in Flask and I'm using gunicorn as the webserver and I can access it at xx.xx.xx.xx:8000 just fine.
Then I'm running a nginx reverse proxy to forward all :80 requests to :8000.
I have this one route I made for testing called random (ex xx.xx.xx.xx/random) and it works fine when I'm using my external ip.
I think the problem is with my domain name.
I got it for free off of Freenom and it just forwards traffic on the domain (hacschedule.tk) to my ip (not sure if I should have actually put the domain)
This works fine for when I'm just trying to get to the home page, but when I put www.hacschedule.tk/random, it just redirects me to www.hacschedule.tk aka the homepage.
I've tried making routes for the certbot/letsencrypt tools but they keep failing and I think it's because of the domain name but since this is my first time actually trying to put a project into production, I don't know what I'm doing wrong.
If anyone could try to lead me the right way I'd really appreciate it. It's an app I wanted to build for peers to use to see school schedule in a more familiar way (we changed systems)