-
LetsEncrypt slowly becomes a Python/pip/gcc dependency hell:
Code:
root@euve78301:~# ./letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot --webroot-path=/var/www/forum -d killtube.org --email=lama12345@gmail.com
Upgrading certbot-auto 0.11.1 to 0.13.0...
Replacing certbot-auto...
Creating virtual environment...
Installing Python packages...
Had a problem while installing Python packages.
pip prints the following errors:
=====================================================
Collecting argparse==1.4.0 (from -r /tmp/tmp.phANzTUu7s/letsencrypt-auto-requirements.txt (line 11))
/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
SNIMissingWarning
/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Downloading argparse-1.4.0-py2.py3-none-any.whl
Collecting pycparser==2.14 (from -r /tmp/tmp.phANzTUu7s/letsencrypt-auto-requirements.txt (line 17))
Downloading pycparser-2.14.tar.gz (223kB)
Collecting cffi==1.4.2 (from -r /tmp/tmp.phANzTUu7s/letsencrypt-auto-requirements.txt (line 21))
Downloading cffi-1.4.2.tar.gz (365kB)
Complete output from command python setup.py egg_info:
unable to execute 'x86_64-linux-gnu-gcc': No such file or directory
unable to execute 'x86_64-linux-gnu-gcc': No such file or directory
No working compiler found, or bogus compiler options
passed to the compiler from Python's distutils module.
See the error messages above.
(If they are about -mno-fused-madd and you are on OS/X 10.8,
see http://stackoverflow.com/questions/22313407/ .)
----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-EPPyZ4/cffi
/root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
You are using pip version 8.0.3, however version 9.0.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
=====================================================
Certbot has problem setting up the virtual environment.
We were not be able to guess the right solution from your pip
output.
Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
for possible solutions.
You may also find some support resources at https://certbot.eff.org/support/ .
Luckily, pip install --upgrade pip fixed everything.
-
Bumping this a bit - your www subdomain has no cert, so https://www.killtube.org/ does not properly work. Try adding -d www.killtube.org to your initial LE command.
-
Thanks, works nicely. Now it can reroute to http://killtube.org/forum.php
And the cookie session is invalid ^^
-
For the next time:
Code:
apt-get update
apt-get install software-properties-common
add-apt-repository universe
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot
Code:
certbot certonly --renew-by-default --webroot --webroot-path=/var/www/forum -d killtube.org -d www.killtube.org --email=lama12345@gmail.com
cd /etc/letsencrypt/live/killtube.org/
cat privkey.pem cert.pem > privkey_plus_cert.pem
/etc/init.d/lighttpd restart
https://certbot.eff.org/lets-encrypt/ubuntuxenial-other
-
I added a monthly crontab now: @monthly bash cronMonthly.sh &
cronMonthly.sh
Code:
cd KILLTUBE
node update_ssl.js
update_ssl.js
Code:
const { execSync } = require('child_process');
const { readFileSync, writeFileSync, chmodSync } = require('fs');

const file_get_contents = filename => readFileSync(filename, 'utf8');

const email = 'lama12345@gmail.com';
const domains = [
  'killtube.org',
  'www.killtube.org',
  //'tracker.killtube.org',
].map(domain => '-d ' + domain).join(' ');

// Run a shell command, echo its output, and return the trimmed stdout.
function system(cmd) {
  const stdout = execSync(cmd).toString().trim();
  console.log(`<system cmd='${cmd}'>`);
  console.log(stdout);
  console.log('</system>');
  return stdout;
}

// Request the certificate and return the /etc/letsencrypt paths certbot prints.
function certbot() {
  const cmd = `certbot certonly --renew-by-default --webroot --webroot-path=/var/www/forum ${domains} --email=${email}`;
  const stdout = system(cmd);
  return stdout.split('\n').map(x => x.trim()).filter(x => x.startsWith('/etc/letsencrypt'));
}

const [fullchain, privkey] = certbot();
//const dir = '/etc/letsencrypt/live/killtube.org-0005';
//const [fullchain, privkey] = [dir + '/fullchain.pem', dir + '/privkey.pem'];
const cert = privkey.replace('privkey', 'cert');
const chain = privkey.replace('privkey', 'chain');
const lighttpd_chain = privkey.replace('privkey', 'lighttpd_chain');
console.log(`const fullchain = '${fullchain}';`);
console.log(`const privkey = '${privkey}';`);
console.log(`const cert = '${cert}';`);

// Lighttpd requires privkey_plus_cert.pem and chain.pem (not as a link, so read/save it)
const privkey_plus_cert = [privkey, cert].map(file_get_contents).join('');
const privkey_plus_cert_filename = privkey.replace('privkey', 'privkey_plus_cert');
// Log only the filename: printing the bundle would put the private key into the cron output.
console.log('privkey_plus_cert', privkey_plus_cert_filename);
// The bundle contains the private key, so keep it readable by the owner only.
writeFileSync(privkey_plus_cert_filename, privkey_plus_cert, { mode: 0o600 });
chmodSync(privkey_plus_cert_filename, 0o600); // also tightens a file left over from an earlier run
writeFileSync(lighttpd_chain, file_get_contents(chain));

// Restart lighttpd inside its screen session. Manual equivalent:
// screen -r lighttpd
// ctrl+c
// arrow up + enter
system('pkill lighttpd');
system('screen -S lighttpd -X quit');
system('screen -AmdS lighttpd');
system('screen -S lighttpd -p 0 -X stuff "cd ~/KILLTUBE/^M"');
system('screen -S lighttpd -p 0 -X stuff "./lighttpd.sh^M"');
It all works so far, let's see in a month :^)
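Added example, not part of the original post: a check that could run on privkey_plus_cert.pem before lighttpd is restarted, confirming the bundle holds exactly one private key and one certificate and is not readable by group or others. The names pemBlocks, checkBundle and demo are hypothetical, and the bundle in demo() is constructed (a throwaway key plus a placeholder certificate body).

```javascript
const { statSync, readFileSync, writeFileSync, chmodSync, mkdtempSync } = require('fs');
const { createPrivateKey, generateKeyPairSync } = require('crypto');
const os = require('os');
const path = require('path');

// Split PEM text into its blocks: [{ label, pem }].
function pemBlocks(text) {
  const re = /-----BEGIN ([A-Z0-9 ]+)-----[\s\S]*?-----END \1-----/g;
  return [...text.matchAll(re)].map(m => ({ label: m[1], pem: m[0] }));
}

// Return a list of problems with a key+cert bundle (empty list = OK).
function checkBundle(filename) {
  const problems = [];
  const mode = statSync(filename).mode & 0o777;
  if (mode & 0o077) problems.push(`mode ${mode.toString(8)} lets group/other access the key`);
  const blocks = pemBlocks(readFileSync(filename, 'utf8'));
  const keys = blocks.filter(b => b.label.endsWith('PRIVATE KEY'));
  const certs = blocks.filter(b => b.label === 'CERTIFICATE');
  if (keys.length !== 1) problems.push(`expected 1 private key, found ${keys.length}`);
  if (certs.length !== 1) problems.push(`expected 1 certificate, found ${certs.length}`);
  for (const k of keys) {
    try { createPrivateKey(k.pem); }
    catch (e) { problems.push('private key does not parse'); }
  }
  return problems;
}

// Constructed sample: the same bundle written once world-readable, once owner-only,
// plus a file that is missing its key.
function demo() {
  const dir = mkdtempSync(path.join(os.tmpdir(), 'bundle-'));
  const { privateKey } = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const key = privateKey.export({ type: 'pkcs8', format: 'pem' });
  const cert = '-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n';
  const write = (name, text, mode) => {
    const file = path.join(dir, name);
    writeFileSync(file, text);
    chmodSync(file, mode); // set explicitly so the result does not depend on umask
    return checkBundle(file);
  };
  return {
    loose: write('loose.pem', key + cert, 0o644),
    tight: write('tight.pem', key + cert, 0o600),
    certOnly: write('cert_only.pem', cert, 0o600),
  };
}
```

The check is structural only: it does not verify that the key belongs to the certificate or that the certificate covers both killtube.org and www.killtube.org.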