author: Willy Sudiarto Raharjo <willysr@slackbuilds.org> 2015-12-09 15:27:01 +0700
committer: Willy Sudiarto Raharjo <willysr@slackbuilds.org> 2015-12-09 15:29:21 +0700
commit: bd51ca2b0e50a43336f224d94fc2ab859525326a
tree: 35d25ba045bb56c211a405d3315d313ea385d6d5
parent: 69f266f1887cec23ac3ba8366956f2ac5ff889ce
system/letsencrypt: Added (Manage X.509 certificates).
Signed-Off-by: Robby Workman <rworkman@slackbuilds.org>
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
-rw-r--r--  system/letsencrypt/README                 6
-rw-r--r--  system/letsencrypt/README.Slackware      73
-rw-r--r--  system/letsencrypt/letsencrypt.SlackBuild 101
-rw-r--r--  system/letsencrypt/letsencrypt.info      10
-rw-r--r--  system/letsencrypt/slack-desc            19
5 files changed, 209 insertions, 0 deletions
diff --git a/system/letsencrypt/README b/system/letsencrypt/README
new file mode 100644
index 000000000000..6e439e00c50a
--- /dev/null
+++ b/system/letsencrypt/README
@@ -0,0 +1,6 @@
+The Let's Encrypt Client is a tool to automatically receive and
+install X.509 certificates to enable TLS on servers.
+The client will interoperate with the Let's Encrypt CA which will be
+issuing browser-trusted certificates for free.
+
+See README.Slackware for more detailed instructions.
diff --git a/system/letsencrypt/README.Slackware b/system/letsencrypt/README.Slackware
new file mode 100644
index 000000000000..aba34175809a
--- /dev/null
+++ b/system/letsencrypt/README.Slackware
@@ -0,0 +1,73 @@
+PLUGIN SUPPORT
+letsencrypt support five plugins to obtain/install certificates and many more to come in the future.
+However, we will only cover standalone plugin because apache plugin only works on Debian-based OS for now
+and nginx is still considered very experimental.
+
+OBTAINING CERTIFICATE USING STANDALONE PLUGIN
+Since Slackware is not yet supported, instead of running "letsencrypt-auto certonly"
+as instructed, you can run "letsencrypt certonly" to install certificates manually using standalone plugin.
+
+Here's what i use to create a certificate using port 443 for domain validation
+letsencrypt certonly --webroot-path=<DOCUMENT-ROOT> --standalone-supported-challenges tls-sni-01 -d <DOMAIN-NAME> \
+--email <ADMIN-EMAIL> --renew-by-default --agree-tos --text --standalone
+
+If you want to use port 80 for domain validation, replace
+--standalone-supported-challenges tls-sni-01
+with
+--standalone-supported-challenges http-01
+
+NOTE:
+You need to make sure that the port (80 or 443) is NOT USED before running above command (ie. you may need to
+temporarily stop your exising webserver)
+All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>
+
+Once certificate is created, you need to enable and configure httpd-ssl.conf
+
+RENEWAL PROCESS
+Best way is to use a simple bash script that perform following actions:
+- turn off httpd service
+- give some delay (2s is enough)
+- run the above command to renew automatically
+- start httpd service
+
+RATE LIMIT
+Rate limit on registrations per IP is now 10 per 3 hours.
+Rate limit on certificates per Domain is now 5 per 7 days.
+
+CONFIGURATION FILES
+
+It is possible to specify configuration file with letsencrypt --config cli.ini (or shorter -c cli.ini).
+An example configuration file is shown below:
+
+# This is an example of the kind of things you can do in a configuration file.
+# All flags used by the client can be configured here. Run Let's Encrypt with
+# "--help" to learn more about the available options.
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+server = https://acme-staging.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+# email = foo@example.com
+
+# Uncomment and update to generate certificates for the specified
+# domains.
+# domains = example.com, www.example.com
+
+# Uncomment to use a text interface instead of ncurses
+# text = True
+
+# Uncomment to use the standalone authenticator on port 443
+# authenticator = standalone
+# standalone-supported-challenges = tls-sni-01
+
+# Uncomment to use the webroot authenticator. Replace webroot-path with the
+# path to the public_html / webroot folder being served by your web server.
+# authenticator = webroot
+# webroot-path = /usr/share/nginx/html
+
+By default, the following locations are searched:
+/etc/letsencrypt/cli.ini
+$XDG_CONFIG_HOME/letsencrypt/cli.ini (or ~/.config/letsencrypt/cli.ini if $XDG_CONFIG_HOME is not set).
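Review bot: The certonly command under OBTAINING CERTIFICATE USING STANDALONE PLUGIN passes both `--webroot-path=<DOCUMENT-ROOT>` and `--standalone`, but the sample cli.ini further down pairs webroot-path with `authenticator = webroot`, so in a standalone run the option only misleads the reader about which authenticator is in use; drop it from the command. Two related points in the same file: RENEWAL PROCESS reuses that command, which carries `--renew-by-default`, so every run of the script asks for a new certificate, and with the stated limit of 5 certificates per domain per 7 days the text should say how often the script may be scheduled. The sample cli.ini also leaves `server = https://acme-staging.api.letsencrypt.org/directory` active while every other optional setting is commented out; comment it out as well so a copied file does not quietly issue from the staging/testing server. Spelling: "exising" and "spesific" in the NOTE block.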
diff --git a/system/letsencrypt/letsencrypt.SlackBuild b/system/letsencrypt/letsencrypt.SlackBuild
new file mode 100644
index 000000000000..08714080f89a
--- /dev/null
+++ b/system/letsencrypt/letsencrypt.SlackBuild
@@ -0,0 +1,101 @@
+#!/bin/sh
+
+# Slackware build script for letsencrypt
+
+# Copyright 2015 Willy Sudiarto Raharjo <willysr@slackbuilds.org>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=letsencrypt
+VERSION=${VERSION:-0.1.0}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz || tar xvf $CWD/v$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+ -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+ -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+# install acme-protocol first
+cd acme
+python setup.py install --root=$PKG
+
+# install letsencrypt client
+cd ..
+python setup.py install --root=$PKG
+
+# this plugins are not working for Slackware yet, but we will keep it here
+
+# install apache plugin
+#cd letsencrypt-apache
+#python setup.py install --root=$PKG
+
+# install nginx plugin
+#cd ../letsencrypt-nginx
+#python setup.py install --root=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a *.rst *.md *.txt *.in $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
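Review bot: With `set -e` in effect, the line `cp -a *.rst *.md *.txt *.in $PKG/usr/doc/$PRGNAM-$VERSION` aborts the build as soon as any one of the four globs matches nothing in the source tree, because the shell hands the unmatched pattern to cp and cp exits non-zero. List the documentation files by name, or guard the copy so a missing file type in a later VERSION does not break the script. Separately, SLKCFLAGS and LIBDIRSUFFIX are assigned in the ARCH block but never referenced again; both `python setup.py install --root=$PKG` calls run without them, so the block can go unless compiled code is expected.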
diff --git a/system/letsencrypt/letsencrypt.info b/system/letsencrypt/letsencrypt.info
new file mode 100644
index 000000000000..db7cae53ee17
--- /dev/null
+++ b/system/letsencrypt/letsencrypt.info
@@ -0,0 +1,10 @@
+PRGNAM="letsencrypt"
+VERSION="0.1.0"
+HOMEPAGE="https://letsencrypt.org/"
+DOWNLOAD="https://github.com/letsencrypt/letsencrypt/archive/v0.1.0.tar.gz"
+MD5SUM="eb1208bcf5c33a6f030da9419718bf6b"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES="configobj mock python-requests pytz python2-pythondialog zope.component pyrfc3339 pyOpenSSL psutil python-parsedatetime python-configargparse werkzeug ndg_httpsclient python-augeas pyparsing"
+MAINTAINER="Willy Sudiarto Raharjo"
+EMAIL="willysr@slackbuilds.org"
diff --git a/system/letsencrypt/slack-desc b/system/letsencrypt/slack-desc
new file mode 100644
index 000000000000..87d971c033da
--- /dev/null
+++ b/system/letsencrypt/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+letsencrypt: letsencrypt (Manage X.509 certificates)
+letsencrypt:
+letsencrypt: The Let's Encrypt Client is a tool to automatically receive and
+letsencrypt: install X.509 certificates to enable TLS on servers.
+letsencrypt: The client will interoperate with the Let's Encrypt CA which will be
+letsencrypt: issuing browser-trusted certificates for free.
+letsencrypt:
+letsencrypt:
+letsencrypt: Project URL: https://letsencrypt.org/
+letsencrypt:
+letsencrypt: