The zoo runs several websites off one piece of hardware, and some of you lot will probably be amazed that it is possible (my blog) and that it works.
However, Let's Encrypt is a wreck behind the scenes; even run as root I failed to get past this web hoster's botched implementation, certbot.
Problems encountered: one registration per /etc, so monkey.com and banana.com need two accounts.
I delete one, I get further than before; then I need to create directories, and when I run those commands (printf) the client still says no. When dealing with multiple IP addresses, some editing of the Python syntax is needed.
This
:/tmp/certbot/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c "import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
Needs to become
:/tmp/certbot/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c "import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer(('<ip address>', 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \
s.serve_forever()"
However, a DNS redirect trumps this feature, so it's a real pain in the arse. All I wanted was a TLS website for an expired TLS domain (no joy) and, for a Postfix instance, a certificate, which seems to demand a website I don't want.
I also deleted my 443 config (I did make a backup), but it strikes me as very much not ready for the real world. I decided to buy SSL instead.
Perhaps my TLSA records (my blog) upset the process, but certbot just says "computer says no". All I wanted was something along the lines of a .crt and a .pem chain, from which I could figure out the rest; instead I get a boilerplate 443 <monkey>.com Apache template somewhere in /etc.
Let's Encrypt is too restrictive and its configuration leaves much to be desired. OK, I was working this as an in-place upgrade rather than a 'virgin' domain which never had an SSL cert before, which I could test*, but TLS is not rocket science; the process involved, though, is horrid.
Peace.
*To do this I would create DNS zones, change DNS glue records, switch on an IPv4 address and add a www thing, delete the bad account data, and then a day later try again. No thanks.
by golly but…