author | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2018-01-18 20:39:21 +0700 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2018-01-20 07:01:17 +0700 |
commit | 967ae58146cdf37db22ecd3ee8607750dc7bb9cd (patch) | |
tree | ac43c3377ebdf3d8dcf5ae3ba35b83eaccb36edc | |
parent | 4091bd3d8ece7ee4def05faa8aae9e49a2fba5a0 (diff) |
system/letsencrypt: Updated for version 0.21.0.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
-rw-r--r-- | system/letsencrypt/README.Slackware | 39 | ||||
-rw-r--r-- | system/letsencrypt/configurator.patch | 33 | ||||
-rw-r--r-- | system/letsencrypt/letsencrypt.SlackBuild | 5 | ||||
-rw-r--r-- | system/letsencrypt/letsencrypt.info | 8 |
4 files changed, 46 insertions, 39 deletions
diff --git a/system/letsencrypt/README.Slackware b/system/letsencrypt/README.Slackware
index 25d059ca39a44..0558cc5ba75a9 100644
--- a/system/letsencrypt/README.Slackware
+++ b/system/letsencrypt/README.Slackware
@@ -1,44 +1,18 @@ PLUGINS SUPPORT letsencrypt support five plugins to obtain/install certificates and many more to come in the future. -However, we will only cover standalone and apache plugin. Using apache plugin is the recommended way -as it doesn't require the webserver to be taken offline causing downtime during validation. +Using apache plugin is the recommended way as it doesn't require the webserver to be taken offline +causing downtime during validation. All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME> Once certificate is created, you need to enable SSL module in httpd.conf and configure httpd-ssl.conf -OBTAINING CERTIFICATE USING STANDALONE PLUGIN -Here's what i use to create a certificate using port 443 for domain validation -certbot certonly --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \ ---email <ADMIN-EMAIL> --renew-by-default --agree-tos --text --standalone - -If you want to use port 80 for domain validation, replace ---preferred-challenges tls-sni-01 -with ---preferred-challenges http-01 - Since 0.14.1, letsencrypt is able to generate/renew all certificates for all of your configured vhost domains. Just run letsencrypt or certbot and you will see all domains are available. -NOTE: -You need to make sure that the port (80 or 443) is NOT USED before running above command (ie. you may need to -temporarily stop your exising webserver) - -OBTAINING CERTIFICATE USING APACHE PLUGIN -Thanks to Eric Pratt, certbot/letsencrypt's Apache Plugin is now working well with Slackware. - -Here's what i use to create a certificate using port 443 for domain validation -certbot certonly --apache --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \ ---email <ADMIN-EMAIL> --renew-by-default --agree-tos --text - RENEWAL PROCESS Best way to automate the certificate renewal is by using cron service. 
-Create a bash script in /etc/cron.monthly that does the following actions (depending on which plugin you used): -Standalone: - turn off httpd service - - give some delay (2s is enough) - - run the same command generate the certificate to renew automatically - - start httpd service -Apache Plugin: run the same command to generate the certificate to renew automatically or use - letsencrypt renew (it will automatically renew when the expired date is less than few weeks). +Create a bash script in /etc/cron.monthly that does the following actions: + letsencrypt renew (it will automatically renew when the expired date is less than few weeks). RATE LIMIT Rate limit on registrations per IP is now 500 per 3 hours. @@ -67,9 +41,8 @@ rsa-key-size = 4096 # Uncomment to use a text interface instead of ncurses # text = True -# Uncomment to use the standalone or apache authenticator on port 443 -# authenticator = standalone / apache -# preferred-challenges = tls-sni-01 +# Uncomment to use the apache authenticator +# authenticator = apache # Uncomment to use the webroot authenticator. Replace webroot-path with the # path to the public_html / webroot folder being served by your web server. diff --git a/system/letsencrypt/configurator.patch b/system/letsencrypt/configurator.patch new file mode 100644 index 0000000000000..cca84f2518927 --- /dev/null +++ b/system/letsencrypt/configurator.patch 
@@ -0,0 +1,33 @@ +--- certbot-0.21.0/certbot-apache/certbot_apache/configurator.py.old 2018-01-19 05:16:48.965843221 +0700 ++++ certbot-0.21.0/certbot-apache/certbot_apache/configurator.py 2018-01-19 05:35:24.916445040 +0700 +@@ -89,20 +89,20 @@ + description = "Apache Web Server plugin - Beta" + + OS_DEFAULTS = dict( +- server_root="/etc/apache2", +- vhost_root="/etc/apache2/sites-available", +- vhost_files="*", +- logs_root="/var/log/apache2", +- version_cmd=['apache2ctl', '-v'], +- apache_cmd="apache2ctl", +- restart_cmd=['apache2ctl', 'graceful'], +- conftest_cmd=['apache2ctl', 'configtest'], ++ server_root="/etc/httpd", ++ vhost_root="/etc/httpd/extra", ++ vhost_files="httpd-vhosts.conf", ++ logs_root="/var/log/httpd", ++ version_cmd=['apachectl', '-v'], ++ apache_cmd="apachectl", ++ restart_cmd=['apachectl', 'graceful'], ++ conftest_cmd=['apachectl', 'configtest'], + enmod=None, + dismod=None, +- le_vhost_ext="-le-ssl.conf", ++ le_vhost_ext="", + handle_mods=False, + handle_sites=False, +- challenge_location="/etc/apache2", ++ challenge_location="/etc/httpd", + MOD_SSL_CONF_SRC=pkg_resources.resource_filename( + "certbot_apache", "options-ssl-apache.conf") + ) diff --git a/system/letsencrypt/letsencrypt.SlackBuild b/system/letsencrypt/letsencrypt.SlackBuild index 5f9097d3c3e3a..b68a4159fb934 100644 --- a/system/letsencrypt/letsencrypt.SlackBuild +++ b/system/letsencrypt/letsencrypt.SlackBuild @@ -2,7 +2,7 @@ # Slackware build script for letsencrypt -# Copyright 2015-2017 Willy Sudiarto Raharjo <willysr@slackbuilds.org> +# Copyright 2015-2018 Willy Sudiarto Raharjo <willysr@slackbuilds.org> # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -24,7 +24,7 @@ PRGNAM=letsencrypt SRCNAM=certbot -VERSION=${VERSION:-0.19.0} +VERSION=${VERSION:-0.21.0} BUILD=${BUILD:-1} TAG=${TAG:-_SBo} 
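Review bot: In configurator.patch, `le_vhost_ext=""` drops the `-le-ssl.conf` suffix that the upstream defaults use to name the SSL vhost file the plugin generates, and the patch gives no reason for it. How the plugin builds that path is outside this hunk, so the effect is inferred: with `vhost_files="httpd-vhosts.conf"` the generated SSL vhost may end up under a name httpd never includes, or collide with the admin's own vhost file, and a certificate could then look installed while the server keeps its old configuration. I would either keep a distinct suffix, `le_vhost_ext="-le-ssl.conf",`, or put a short comment at the top of the patch stating where the SSL vhost is written on Slackware and why an empty suffix is safe. The `OS_DEFAULTS` dict belongs to a class whose header is outside the hunk.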
@@ -73,6 +73,7 @@ find -L . \ sed -i "/'argparse',/d" setup.py sed -i "/'argparse',/d" acme/setup.py sed -i 's/apache2ctl/apachectl/' certbot-apache/certbot_apache/constants.py +patch -p1 < $CWD/configurator.patch for i in $(grep -ri /apache2 * | cut -d: -f1 | sort -u) do diff --git a/system/letsencrypt/letsencrypt.info b/system/letsencrypt/letsencrypt.info index fd775f552cb42..605a4d6ff156b 100644 --- a/system/letsencrypt/letsencrypt.info +++ b/system/letsencrypt/letsencrypt.info @@ -1,10 +1,10 @@ PRGNAM="letsencrypt" -VERSION="0.19.0" +VERSION="0.21.0" HOMEPAGE="https://letsencrypt.org/" -DOWNLOAD="https://github.com/certbot/certbot/archive/v0.19.0/certbot-0.19.0.tar.gz" -MD5SUM="3eeaceb7fe5b514807d8b7f4af57edc1" +DOWNLOAD="https://github.com/certbot/certbot/archive/v0.21.0/certbot-0.21.0.tar.gz" +MD5SUM="d95c4aca9e3e19f5c4a87975283245a4" DOWNLOAD_x86_64="" MD5SUM_x86_64="" -REQUIRES="configobj mock python-requests pytz python2-pythondialog zope.component pyrfc3339 psutil python-parsedatetime python-configargparse werkzeug ndg_httpsclient python-augeas pyparsing" +REQUIRES="configobj mock python-requests pytz python2-pythondialog zope.component pyrfc3339 psutil python-parsedatetime python-configargparse werkzeug ndg_httpsclient python-augeas pyparsing josepy" MAINTAINER="Willy Sudiarto Raharjo" EMAIL="willysr@slackbuilds.org" |
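Review bot: In letsencrypt.SlackBuild, the added `patch -p1 < $CWD/configurator.patch` has no visible failure handling, while the patch context is tied to the 0.21.0 source and `VERSION` can be overridden from the environment. Whether the script runs under `set -e` is not visible in this hunk; if it does not, a rejected hunk could leave the upstream `/etc/apache2` defaults in the packaged plugin without stopping the build. I would write the line as `patch -p1 < "$CWD/configurator.patch" || exit 1`, which also quotes the path. The `for` loop that follows the added line continues outside the hunk.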