letsencrypt fail

The zoo runs several websites off one piece of hardware and some of you lot probably will be amazed that it is possible (my blog) and it works.

However lets encrypt is a wreck behind the scenes even run as root i failed to get past this web hoster’s botched implementation certbot

Carol Beer little britain says computer said no

Carol Beer little britain says computer said no

Problems encountered — one registration per /etc monkey.com and banana.com need two accounts

I delete one , i get further than before then i need to create directories and when i run those commands (printf) the client still says no and when dealing muiltple ip addresses then some editing of the python syntax is needed

This

:/tmp/certbot/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c “import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer((”, 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()”

Needs to become

:/tmp/certbot/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c “import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer((‘<ip address>’, 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()”

However a dns redirect trumps this feature so its a real pain in the arse – all i wanted was tls website for an expired tls domain – no joy and for a postfix instance a certificate which seems to demand a website which i dont want.

I also deleted my 443 config (i did make a backup) but it strikes me as very much not ready for the real world. I decided to buy ssl instead.

Perhaps my tlsa records (my blog) upset the process but when certbot does computer says no when i wanted was something along the lines of a crt, pem chain which i could figure out the rest instead i get a boiler plate 443<monkey>.com apache template somewhere in /etc.

rocketletsencrypt is too restrictive and its configuration leaves much to be desired.  OK I was working this as an in place upgrade rather than a ‘virgin’ domain which never had ssl cert before which i could test* but its not rocket science tls but the process involved is horrid.

Peace.

*to do this i would create dns zones,change dns glue records,switch on an ipv4 address and add a www thing,delete the bad account data,and then a day later try again.  No thanks.

One response

  1. Pingback: Review of the Year | Bananas in the Falklands

by golly but...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s