Topic: How to remove Shad L. Lords Cacert mod?

[compdoc]

I once followed the instructions here to install Shad L. Lords mod for cacert. But now I want to use Let's Encrypt.

What steps should I take to remove it? Can I just delete the modSSL service from the config? Also delete the certificate files I created?

[Stefano]

well.. some hints on what you did/howto you followed might help us to help you

[compdoc]

https://wiki.contribs.org/Custom_CA_Certificate

[Stefano]

https://forums.contribs.org/index.php/topic,52993.msg273843.html#msg273843

then use letsencrypt

[compdoc]

Perfect. Thanks. I even seem to have it working, after lots of trial and error. 

[Stefano]

Can you tell us more about the problems you had?

[compdoc]

I installed the Dehydrated contrib, but found that it doesn't seem to set things up that are later mentioned in the wiki.

Examples:

There was no file /usr/local/bin/dehydrated-hook
There was no custom template fragment for Apache
To renew expired certs, there was no file /etc/cron.daily/call-dehydrated


Probably the most time was spent looking up commands to check my work, making the changes, and seeing what effect the changes had.

For instance, in the beginning, I could not figure out why my edits to /etc/dehydrated/domains.txt were being deleted or changed whenever I ran dehydrated.

Most useful commands to getting it working were:

config show letsencrypt
db hosts show
db domains show
config show modSSL (this one is in the wiki)
db accounts show


By the way, there is a command in the wiki that omits one thing...

The example command:
config setprop letsencrypt configure all | domains | hosts

Should probably read instead:
config setprop letsencrypt configure none | all | domains | hosts

Since 'none' is how it comes installed, and is what I finally used because only two hostnames were needed in the cert.

Anyway, it will be nice to have a new cert automatically installed each time, although I don't yet know if the cron job is working.

And its great to have a working cert for my site!

Thanks!

[compdoc]

Never mind about  /etc/cron.daily/call-dehydrated. There's a file named  /etc/cron.daily/letsencript instead.

However, it differs slightly from the contents of /etc/cron.daily/call-dehydrated as written in the wiki.

[DanB35]

I installed the Dehydrated contrib,

Which one?  smeserver-letsencrypt from the reetp repo is the best-integrated option. If you just installed dehydrated from the smecontribs repo, you'll need to create all the other configuration and script files yourself as described on the wiki page.

[compdoc]

I followed the page https://wiki.contribs.org/Letsencrypt

Good to know about reetp repo. I have another system I'm going to try this on, and might redo my own.

Thanks!

[DanB35]

The wiki documents (at least) three different methods of installation.  Which one did you use?

[Jean-Philippe Pialasse]

Which one?  smeserver-letsencrypt from the reetp repo is the best-integrated option. If you just installed dehydrated from the smecontribs repo, you'll need to create all the other configuration and script files yourself as described on the wiki page.

Code: [Select]

# yum install smeserver-letsencrypt --enablerepo=smedev,smecontribs
==========================================================
 Package                        Arch      Version                                               Repository  Size
==========================================================
Installing:
 smeserver-letsencrypt    noarch    0.4-1                                                  smedev     27 k
Installing for dependencies:
 dehydrated                   noarch    0.4.0.20170205.git1163864-1.el6.sme      smedev     25 k

Transaction Summary
==========================================================
Install       2 Package(s)

Total download size: 52 k
Installed size: 87 k
Is this ok [y/N]:

# yum install smeserver-letsencrypt --enablerepo=reetp
==========================================================
 Package                           Arch         Version                                        Repository   Size
==========================================================
Installing:
 smeserver-letsencrypt       noarch       0.4-1                                          reetp        27 k
Installing for dependencies:
 dehydrated                      noarch       0.4.0.170206.git1163864-1             reetp        22 k

Transaction Summary
==========================================================
Install       2 Package(s)

Total download size: 49 k
Installed size: 90 k
Is this ok [y/N]:



they are the same, just need a few hands to verify the one in smedev is working as good...

[ReetP]

Originally smeserver-letsencrypt was just in my repo but has now been added to smecontribs (or smetesting)

The dehydrated rpm JUST adds the dehydrated script but configures nothing.

smeserver-letsencrypt does the configuration for you, and depends on dehydrated, so best to install the smeserver-letsencrypt which will pull in dehydrated at the same time

The wiki may well need updating - I just haven't had the time to do anything recently but intend to try and get back up to speed in the next week or so, work allowing (as that is what put bread on my table and keeps a roof over my head!)

Once we have it properly sorted in smecontribs I'll remove the one from my repo.

B. Rgds
John

[DanB35]

Once we have it properly sorted in smecontribs I'll remove the one from my repo.

It's in smedev now (as noted above by JPP); I've updated the wiki.

[DanB35]

Once we have it properly sorted in smecontribs I'll remove the one from my repo.

It's in smedev now (as noted above by JPP); I've updated the wiki.