Page 2 of 2 FirstFirst 12
Results 11 to 15 of 15

Thread: LetsEncrypt for https://killtube.org

  1. #11
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,083 Times in 753 Posts
    LetsEncrypt slowly becomes a Python/pip/gcc dependency hell:


    Code:
    root@euve78301:~# ./letsencrypt/letsencrypt-auto certonly --renew-by-default --webroot --webroot-path=/var/www/forum -d killtube.org --email=lama12345@gmail.com
    Upgrading certbot-auto 0.11.1 to 0.13.0...
    Replacing certbot-auto...
    Creating virtual environment...
    Installing Python packages...
    Had a problem while installing Python packages.
    
    
    
    
    pip prints the following errors:
    =====================================================
    Collecting argparse==1.4.0 (from -r /tmp/tmp.phANzTUu7s/letsencrypt-auto-requirements.txt (line 11))
    /root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
      SNIMissingWarning
    /root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
      InsecurePlatformWarning
      Downloading argparse-1.4.0-py2.py3-none-any.whl
    Collecting pycparser==2.14 (from -r /tmp/tmp.phANzTUu7s/letsencrypt-auto-requirements.txt (line 17))
      Downloading pycparser-2.14.tar.gz (223kB)
    Collecting cffi==1.4.2 (from -r /tmp/tmp.phANzTUu7s/letsencrypt-auto-requirements.txt (line 21))
      Downloading cffi-1.4.2.tar.gz (365kB)
        Complete output from command python setup.py egg_info:
        unable to execute 'x86_64-linux-gnu-gcc': No such file or directory
        unable to execute 'x86_64-linux-gnu-gcc': No such file or directory
    
    
    
    
            No working compiler found, or bogus compiler options
            passed to the compiler from Python's distutils module.
            See the error messages above.
            (If they are about -mno-fused-madd and you are on OS/X 10.8,
            see http://stackoverflow.com/questions/22313407/ .)
    
    
    
    
        ----------------------------------------
    Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-EPPyZ4/cffi
    /root/.local/share/letsencrypt/local/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
      InsecurePlatformWarning
    You are using pip version 8.0.3, however version 9.0.1 is available.
    You should consider upgrading via the 'pip install --upgrade pip' command.
    =====================================================
    
    
    
    
    Certbot has problem setting up the virtual environment.
    
    
    
    
    We were not be able to guess the right solution from your pip
    output.
    
    
    
    
    Consult https://certbot.eff.org/docs/install.html#problems-with-python-virtual-environment
    for possible solutions.
    You may also find some support resources at https://certbot.eff.org/support/ .

    Luckly pip install --upgrade pip fixed everything
    timescale 0.01

  2. #12
    Assadministrator IzNoGoD's Avatar
    Join Date
    Aug 2012
    Posts
    1,718
    Thanks
    17
    Thanked 1,068 Times in 674 Posts
    Bumping this a bit - your www subdomain has no cert, so https://www.killtube.org/ does not properly work. Try adding -d www.killtube.org to your initial LE command.
    "Does not work" is an error report for a bug between keyboard and chair.

    All hail Artie Effem

  3. The Following User Says Thank You to IzNoGoD For This Useful Post:

    kung foo man (13th January 2018)

  4. #13
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,083 Times in 753 Posts
    Thanks, works nicely. Now it can reroute to http://killtube.org/forum.php

    Click image for larger version. 

Name:	seeother.png 
Views:	30 
Size:	144.5 KB 
ID:	1393

    And the cookie session is invalid ^^
    timescale 0.01

  5. The Following User Says Thank You to kung foo man For This Useful Post:

    kubislav23 (14th January 2018)

  6. #14
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,083 Times in 753 Posts
    For the next time:

    Code:
    apt-get update
    apt-get install software-properties-common
    add-apt-repository universe
    add-apt-repository ppa:certbot/certbot
    apt-get update
    apt-get install certbot
    Code:
    certbot certonly --renew-by-default --webroot --webroot-path=/var/www/forum -d killtube.org -d www.killtube.org --email=lama12345@gmail.com
    cd /etc/letsencrypt/live/killtube.org/
    cat privkey.pem cert.pem > privkey_plus_cert.pem
    /etc/init.d/lighttpd restart
    https://certbot.eff.org/lets-encrypt/ubuntuxenial-other
    timescale 0.01

  7. #15
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,083 Times in 753 Posts
    I added a monthly crontab now: @monthly bash cronMonthly.sh &

    cronMonthly.sh
    Code:
    cd KILLTUBE
    node update_ssl.js
    update_ssl.js
    Code:
    const { execSync } = require('child_process');
    const { readFileSync, writeFileSync } = require('fs');
    const file_get_contents = filename => readFileSync(filename, 'utf8');
    const email = 'lama12345@gmail.com';
    const domains = [
    	'killtube.org',
    	'www.killtube.org',
    	//'tracker.killtube.org',
    ].map(domain => '-d ' + domain).join(' ');
    function system(cmd) {
      const stdout = execSync(cmd).toString().trim();
    	console.log(`<system cmd='${cmd}'>`);
    	console.log(stdout);
    	console.log('<system>');
      return stdout;
    }
    function certbot() {	
    	const cmd = `certbot certonly --renew-by-default --webroot --webroot-path=/var/www/forum ${domains} --email=${email}`;
    	const stdout = system(cmd);
    	return stdout.split('\n').map(x=>x.trim()).filter(x=>x.startsWith('/etc/letsencrypt'));
    }
    [fullchain, privkey] = certbot();
    //const dir = '/etc/letsencrypt/live/killtube.org-0005';
    //[fullchain, privkey] = [dir + '/fullchain.pem', dir + '/privkey.pem'];
    const cert    = privkey.replace('privkey', 'cert');
    const chain   = privkey.replace('privkey', 'chain');
    const lighttpd_chain   = privkey.replace('privkey', 'lighttpd_chain');
    console.log(`const fullchain = '${fullchain}';`);
    console.log(`const privkey   = '${privkey  }';`);
    console.log(`const cert      = '${cert     }';`);
    // Lighttpd requires privkey_plus_cert.pem and chain.pem (not as a link, so read/save it)
    const privkey_plus_cert = [privkey, cert].map(file_get_contents).join('');
    console.log('privkey_plus_cert', privkey_plus_cert);
    const privkey_plus_cert_filename = privkey.replace('privkey', 'privkey_plus_cert');
    writeFileSync(privkey_plus_cert_filename, privkey_plus_cert);
    writeFileSync(lighttpd_chain, file_get_contents(chain));
    // screen -r lighttpd
    // ctrl+c
    // arrow up + enter
    system('pkill lighttpd');
    system('screen -S lighttpd -X quit');
    system('screen -AmdS lighttpd');
    system('screen -S lighttpd -p 0 -X stuff "cd ~/KILLTUBE/^M"');
    system('screen -S lighttpd -p 0 -X stuff "./lighttpd.sh^M"');
    It all works so far, lets see in a month :^)
    timescale 0.01

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •