Hi Kelsey, This is a paste copy of the vhost definitions in my eg.conf for my test server: http://pastie.org/private/3mhgp90ba4a0xrwz48v16q
As indicated in the paste, I have a servername and then also serveralias because I used two hostnames for this machine. Everything else in eg.conf matches the stock setup file as far as I can tell. I did not encounter any error for my http vhost. The error I'd focus on from your sample is this part: "fmall.js: Error: File not found: http://evergreentest.stkate.edu/opac/common/js/fmall.js"; That file not found is cause it's trying to use the regular HTTP way of finding the file instead of the forced secure HTTPS in your system. If I change that URL to https:// in my browser, and look for the file path, I can find the file. So this is a case where if you comment out the regular http vhost, bad stuff happens. Normally, trying to force to HTTPS everywhere would be done via the eg_vhost.conf configuration, at the end of that file. However, there is a known bug open where developers are trying to figure out some remaining issues with forcing HTTPS everywhere: https://bugs.launchpad.net/evergreen/+bug/1507013 Hope that helps a little. -- Ben On Mon, Mar 7, 2016 at 8:28 PM, Kelsey Lied <[email protected]> wrote: > Hi Ben, > > Awesome! I'm excited about your response -- I've got a similar setup with > Ubuntu 14.04/Apache 2.4. > > Here's what I've got today -- > > - I commented out the HTTP vhost in /etc/apache2/sites-available/eg.conf, > leaving only the HTTPS vhost, since Let's Encrypt was giving an error about > only working with one vhost. Also verified ServerName of that vhost is my > fqdn. > - Redid the whole auto-letsencrypt apache thing, got through without errors > this time. Server passed ssllabs.com test, too. (Hooray!) > - Stopped and started opensrf, ran autogen.sh, and restarted apache. > - Verified no certificate errors when hitting https://fqdn (Hooray!) > - Attempted to start Evergreen client. Got following errors: > fmall.js: TypeError: document.getElementsById("offlineStrings") is null (OK > button) > fmall.js: Error: File not found: > http://evergreentest.stkate.edu/opac/common/js/fmall.js > - Found a 2013 IRC log about these errors > (http://irc.evergreen-ils.org/evergreen/2013-08-27). Reran autogen.sh, no > luck. Have noted: if I hit the given URL in a browser, I also get a File > Not Found. HOWEVER, if I hit the same over HTTPS, I get data back. > > Wondering if commenting out the HTTP vhost is causing the fmall.js errors. > It's also possible that I've got localhost hanging out somewhere in my > Evergreen setup that needs to be swapped out for the domain name -- I > originally started without and may have missed a spot when I tried to swap > in the domain name later. Thoughts? > > Side note: I am somewhat baffled about how the server and hitting the > browser client is validating over HTTPS, given my eg.conf file still says > the cert/key are in the apache ssl directory the Evergreen instructions have > you create, while Let's Encrypt puts the goods elsewhere > (https://letsencrypt.readthedocs.org/en/latest/using.html#where-certs ). > I'd be interested in knowing some more about what you changed within > eg.conf, Ben. > > Thanks, > Kelsey > > On Sun, Mar 6, 2016 at 7:58 PM, Ben Shum <[email protected]> wrote: >> >> Hi Kelsey, >> >> I've been using Let's Encrypt on my personal Evergreen test server >> (https://demo.evergreener.net) for this past month or so. Prior to >> that, I used Let's Encrypt for some other test systems at my previous >> place of work. >> >> The biggest issue I encountered initially was that my system wasn't >> resolving the reverse DNS properly for my site (it took a little time >> for all the DNS to populate properly). This caused the >> letsencrypt-auto to fail for me. I think I ended up installing an >> additional python package to get that working in addition to giving >> enough time for DNS to propagate. >> >> The test system I used was installed with Ubuntu 14.04 server and >> apache 2.4, which letsencrypt seemed to have better luck in handling >> automatically the apache replaces with apache 2.4 vs. 2.2 (which >> shipped on older Ubuntu distros). Alternatively, I think I also just >> eventually figured out how to setup my eg.conf config file with the >> necessary paths for the SSL cert and chain files. >> >> Feel free to ask further questions about your issues. I think using >> Let's Encrypt is an awesome solution for SSL certificates. >> >> -- Ben >> >> On Sun, Mar 6, 2016 at 8:50 PM, Kelsey Lied <[email protected]> wrote: >> > Hi, >> > >> > I am wondering if anybody is using Let's Encrypt (letsencrypt.org) for >> > their >> > Evergreen install. >> > >> > We're spinning up a new install and would like to use it, but so far I >> > have >> > had no luck on our test server. I have tried a number of things, >> > getting >> > various errors. The Let's Encrypt community has generally had an answer >> > for >> > each error, but every answer I've tried messes with config settings that >> > ultimately prevent Evergreen from running properly. (Happy to provide >> > errors if folks are interested, but they're errors in another tool, so >> > don't >> > want to bog down the initial query.) >> > >> > Is anybody using Let's Encrypt successfully? >> > >> > Thanks, >> > Kelsey > >
