Topic: StartSSL Issue

[DanB35]

I'm not certain exactly what type of DNS record would be required, but I believe it would be either an A or a CNAME record.  For each hostname for which you're seeking a cert, the ACME server tries to connect to http://$HOSTNAME/.well-known/acme-challenge/$LONGSTRING and ensure that file contains the correct contents.  $LONGSTRING and its contents both look random, but are in fact cryptographically generated somehow.

[brianr]

I'm not certain exactly what type of DNS record would be required, but I believe it would be either an A or a CNAME record.  For each hostname for which you're seeking a cert, the ACME server tries to connect to http://$HOSTNAME/.well-known/acme-challenge/$LONGSTRING and ensure that file contains the correct contents.  $LONGSTRING and its contents both look random, but are in fact cryptographically generated somehow.

aha - that is very useful, I'll see if I can arrange that!!

[DanB35]

I've made some significant revisions to the letsencrypt.sh portions of the wiki page--the installation process is revised, and the renewal process is added.  It should work on SME 8.x as well as 9.x.

Edit:  There's also an RPM in development which will probably take away most of the manual work in this, but I don't know when we should expect to see it released.

[ReetP]

I've added some notes to the wiki on installing and using letsencrypt.sh.  No doubt it's rough at this point, but it should work on SME 8 as well as 9.  See http://wiki.contribs.org/Letsencrypt#Installation_of_Letsencrypt.sh

Dan,

could you add some notes about the contrib I am trying to build ?

For those interested see http://bugs.contribs.org/show_bug.cgi?id=8676

http://www.reetspetit.com/smeserver/6/repoview/smeserver-letsencrypt.html

http://wiki.contribs.org/User:ReetP

https://github.com/reetp/smeserver-letsencrypt/tree/smeserver-letsencrypt-0.1

We may get some help testing, and then everyone is using the same software

Although this is technically built for v9 as far as I am aware it should build and run on v8 currently

B. Rgds
John

[DanB35]

could you add some notes about the contrib I am trying to build?

Glad to.  Would you like me to simply note that a contrib is under development, or link to the bug/repo page/something else?

[ReetP]

Glad to.  Would you like me to simply note that a contrib is under development, or link to the bug/repo page/something else?

Whatever you want - more the better I guess !

Would normally do it myself but would be grateful if you could take that off my hands right now...

B. Rgds
John

[DanB35]

I added a note under Introduction.

[ReetP]

I added a note under Introduction.

Thank you. All a bit messy here right now as you can imagine.

[DanB35]

Indeed.  I considered trying to document the contrib, but I thought it better to let it settle a bit first.  In the meantime, there's notice that there's one in progress, and pointers to more info.

[DanB35]

Update:  It turns out that letsencrypt.sh currently relies on a feature of sed that isn't present in SME 8.  Hopefully this will be resolved shortly, but until then, don't expect that the instructions on the wiki will work.  Check out the bug tracker for all the details.

[ReetP]

Update:  It turns out that letsencrypt.sh currently relies on a feature of sed that isn't present in SME 8.  Hopefully this will be resolved shortly, but until then, don't expect that the instructions on the wiki will work.  Check out the bug tracker for all the details.

Seems they have fixed it.

Just updating things now.

http://bugs.contribs.org/show_bug.cgi?id=8676

[brianr]

I have started a bugzilla entry for the server panel to go with this.

http://bugs.contribs.org/show_bug.cgi?id=9196

All contributions gratefully accepted!