Bananas in the Falklands

Beguiling, Amorous, Nonconformist, Adeptly Needing Arousing Stimulation oh and Fantastic Kisses.


letsencrypt fail

The zoo runs several websites off one piece of hardware and some of you lot probably will be amazed that it is possible (my blog) and it works.

However, Let's Encrypt is a wreck behind the scenes; even run as root, I failed to get past this web hoster’s botched implementation, certbot.

Carol Beer little britain says computer said no

Problems encountered — one registration per /etc; monkey.com and banana.com need two accounts.

I delete one, I get further than before, then I need to create directories, and when I run those commands (printf) the client still says no; and when dealing with multiple IP addresses, some editing of the Python syntax is needed.

This

:/tmp/certbot/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c "import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"

Needs to become

:/tmp/certbot/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c "import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('<ip address>', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
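
A Python 3 version of the edited command above, added here as an example and not part of the original post or of certbot. It goes one step further than the one-liner: it binds to a single address and answers only for challenge tokens under /.well-known/acme-challenge/, so the rest of the directory is never exposed on port 80. The names make_handler and make_server and the address 192.0.2.10 (standing in for <ip address>) are assumptions.

```python
import http.server
import os
import re
import sys

# HTTP-01 challenge tokens are base64url strings; anything else is refused.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]+")
PREFIX = "/.well-known/acme-challenge/"


def make_handler(challenge_dir):
    """Build a handler that serves only token files found in challenge_dir."""

    class ChallengeHandler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            path = self.path.split("?", 1)[0]
            token = path[len(PREFIX):] if path.startswith(PREFIX) else ""
            target = os.path.join(challenge_dir, token)
            # Rejects "/", "../", dotted file names and missing tokens alike.
            if not TOKEN_RE.fullmatch(token) or not os.path.isfile(target):
                self.send_error(404)
                return
            with open(target, "rb") as fh:
                body = fh.read()
            self.send_response(200)
            self.send_header("Content-Type", "text/plain")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, fmt, *args):
            # One line per request on stderr, so validation hits are visible.
            sys.stderr.write("%s %s\n" % (self.client_address[0], fmt % args))

    return ChallengeHandler


def make_server(bind_ip, port, challenge_dir):
    """Listen on one address only, instead of '' (every interface)."""
    return http.server.HTTPServer((bind_ip, port), make_handler(challenge_dir))


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address standing in for <ip address>.
    ip = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    root = os.path.join(os.getcwd(), ".well-known", "acme-challenge")
    make_server(ip, 80, root).serve_forever()
```

Run it from the same public_html directory with the address as the first argument; binding to port 80 needs root, as in the original command.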

However, a DNS redirect trumps this feature, so it's a real pain in the arse – all I wanted was a TLS website for an expired TLS domain – no joy, and for a postfix instance a certificate which seems to demand a website, which I don't want.

I also deleted my 443 config (I did make a backup), but it strikes me as very much not ready for the real world. I decided to buy SSL instead.

Perhaps my TLSA records (my blog) upset the process, but certbot does computer says no when what I wanted was something along the lines of a crt, pem chain from which I could figure out the rest; instead I get a boilerplate 443<monkey>.com Apache template somewhere in /etc.

Letsencrypt is too restrictive and its configuration leaves much to be desired. OK, I was working this as an in-place upgrade rather than a ‘virgin’ domain which never had an SSL cert before, which I could test*, but it's not rocket science, TLS, but the process involved is horrid.

Peace.

*To do this I would create DNS zones, change DNS glue records, switch on an IPv4 address and add a www thing, delete the bad account data, and then a day later try again. No thanks.



2 responses to “letsencrypt fail”

  1. […] stuff tls got a once over, lets encrypt appears useless unless your big retarded hosting firm, somebody sent us a junk fax in 2016 although the fax machine […]

  2. […] to be rewarded.  I had no idea what i was letting myself in for but in fact it is way better than letsencrypt (my blog) as it uses email contacts instead of some shit http server to […]
