https://bugs.contribs.org/show_bug.cgi?id=10253
Jean-Philippe Pialasse <[email protected]> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CONFIRMED |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Jean-Philippe Pialasse <[email protected]> ---
# yum install smeserver-letsencrypt --enablerepo=smedev -y
...
mv: cannot stat `/etc/letsencrypt.sh': No such file or directory
###################################################################
************************************************************
NOTE ! letsencrypt.sh has had to be renamed to 'dehydrated'
************************************************************
# After install please set your db keys
# Make sure you set the letsencrypt status key to test
# Enable some domains or hosts
# Then run the following
# signal-event console-save
# dehydrated -c
# Once you are satisfied set the letsencrypt status key to enabled
# mv /etc/dehydrated/private_key.pem /etc/dehydrated/private_key.test
# Run the dehydrated file again to generate your keys
# signal-event console-save
# dehydrated -c -x
# Thereafter only use
# dehydrated -c
# If you make any key changes run console-save first
###################################################################
....
# config setprop letsencrypt hookScript enabled status test
# db domains setprop cloudy2.pialasse.com letsencryptSSLcert enabled
# db hosts setprop sme9x64.cloudy2.pialasse.com letsencryptSSLcert enabled
# signal-event console-save
# cat /etc/dehydrated/domains.txt
cloudy2.pialasse.com sme9x64.cloudy2.pialasse.com
# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
ERROR: Problem connecting to server (get for
https://acme-staging.api.letsencrypt.org/directory; curl returned with 6)
I added to config :
then
# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
To use dehydrated with this certificate authority you have to agree to their
terms of service which you can find here:
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
To accept these terms of service run `/usr/bin/dehydrated --register
--accept-terms`.
might add this to config
PARAM_ACCEPT_TERMS="yes"
yes it did !
# dehydrated -c
# INFO: Using main config file /etc/dehydrated/config
+ Generating account key...
+ Registering account key with ACME server...
Processing cloudy2.pialasse.com with alternative names:
sme9x64.cloudy2.pialasse.com
+ Signing domains...
+ Creating new directory /etc/dehydrated/certs/cloudy2.pialasse.com ...
+ Generating private key...
+ Generating signing request...
+ Requesting challenge for cloudy2.pialasse.com...
+ Requesting challenge for sme9x64.cloudy2.pialasse.com...
+ Responding to challenge for cloudy2.pialasse.com...
+ Challenge is valid!
+ Responding to challenge for sme9x64.cloudy2.pialasse.com...
+ Challenge is valid!
+ Requesting certificate...
+ Checking certificate...
+ Done!
+ Creating fullchain.pem...
Set up modSSL db keys
Signal events
All complete
+ Done!
it successfully generated the fake test certificate and reloaded httpd with new
cert
=====
I would say verified, however I need to improve the following :
- fix "mv: cannot stat `/etc/letsencrypt.sh': No such file or directory"
- remove the text printed in the yum sequence
- dirty fix in config file adding :
#fix for curl error (get for
https://acme-staging.api.letsencrypt.org/directory; curl returned with 6) like
/usr/bin/curl https://acme-v01.api.letsencrypt.org/directory -s 2>&1 >
/dev/null
/usr/bin/curl http://cert.int-x3.letsencrypt.org/ -s 2>&1 > /dev/null
/usr/bin/curl https://acme-staging.api.letsencrypt.org/directory -s 2>&1 >
/dev/null
in order to reduce risk of curl error ( not sure it will rmeove all of them ,
it seems that I still had to do manually this one : # curl
http://cert.int-x3.letsencrypt.org/ ( need to verify)
- if we want to automatize this we should add PARAM_ACCEPT_TERMS="yes" in the
config file after presenting it in a manager panel
--
You are receiving this mail because:
You are the QA Contact for the bug._______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
