aboutsummaryrefslogtreecommitdiff
path: root/system
diff options
context:
space:
mode:
authorWilly Sudiarto Raharjo <willysr@slackbuilds.org>2018-01-18 20:39:21 +0700
committerWilly Sudiarto Raharjo <willysr@slackbuilds.org>2018-01-20 07:01:17 +0700
commit967ae58146cdf37db22ecd3ee8607750dc7bb9cd (patch)
treeac43c3377ebdf3d8dcf5ae3ba35b83eaccb36edc /system
parent4091bd3d8ece7ee4def05faa8aae9e49a2fba5a0 (diff)
system/letsencrypt: Updated for version 0.21.0.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'system')
-rw-r--r--system/letsencrypt/README.Slackware39
-rw-r--r--system/letsencrypt/configurator.patch33
-rw-r--r--system/letsencrypt/letsencrypt.SlackBuild5
-rw-r--r--system/letsencrypt/letsencrypt.info8
4 files changed, 46 insertions, 39 deletions
diff --git a/system/letsencrypt/README.Slackware b/system/letsencrypt/README.Slackware
index 25d059ca39a44..0558cc5ba75a9 100644
--- a/system/letsencrypt/README.Slackware
+++ b/system/letsencrypt/README.Slackware
@@ -1,44 +1,18 @@
PLUGINS SUPPORT
letsencrypt support five plugins to obtain/install certificates and many more to come in the future.
-However, we will only cover standalone and apache plugin. Using apache plugin is the recommended way
-as it doesn't require the webserver to be taken offline causing downtime during validation.
+Using apache plugin is the recommended way as it doesn't require the webserver to be taken offline
+causing downtime during validation.
All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>
Once certificate is created, you need to enable SSL module in httpd.conf and configure httpd-ssl.conf
-OBTAINING CERTIFICATE USING STANDALONE PLUGIN
-Here's what i use to create a certificate using port 443 for domain validation
-certbot certonly --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \
---email <ADMIN-EMAIL> --renew-by-default --agree-tos --text --standalone
-
-If you want to use port 80 for domain validation, replace
---preferred-challenges tls-sni-01
-with
---preferred-challenges http-01
-
Since 0.14.1, letsencrypt is able to generate/renew all certificates for all of your configured vhost domains.
Just run letsencrypt or certbot and you will see all domains are available.
-NOTE:
-You need to make sure that the port (80 or 443) is NOT USED before running above command (ie. you may need to
-temporarily stop your exising webserver)
-
-OBTAINING CERTIFICATE USING APACHE PLUGIN
-Thanks to Eric Pratt, certbot/letsencrypt's Apache Plugin is now working well with Slackware.
-
-Here's what i use to create a certificate using port 443 for domain validation
-certbot certonly --apache --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \
---email <ADMIN-EMAIL> --renew-by-default --agree-tos --text
-
RENEWAL PROCESS
Best way to automate the certificate renewal is by using cron service.
-Create a bash script in /etc/cron.monthly that does the following actions (depending on which plugin you used):
-Standalone: - turn off httpd service
- - give some delay (2s is enough)
- - run the same command generate the certificate to renew automatically
- - start httpd service
-Apache Plugin: run the same command to generate the certificate to renew automatically or use
- letsencrypt renew (it will automatically renew when the expired date is less than few weeks).
+Create a bash script in /etc/cron.monthly that does the following actions:
+ letsencrypt renew (it will automatically renew when the expired date is less than few weeks).
RATE LIMIT
Rate limit on registrations per IP is now 500 per 3 hours.
@@ -67,9 +41,8 @@ rsa-key-size = 4096
# Uncomment to use a text interface instead of ncurses
# text = True
-# Uncomment to use the standalone or apache authenticator on port 443
-# authenticator = standalone / apache
-# preferred-challenges = tls-sni-01
+# Uncomment to use the apache authenticator
+# authenticator = apache
# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
diff --git a/system/letsencrypt/configurator.patch b/system/letsencrypt/configurator.patch
new file mode 100644
index 0000000000000..cca84f2518927
--- /dev/null
+++ b/system/letsencrypt/configurator.patch
@@ -0,0 +1,33 @@
+--- certbot-0.21.0/certbot-apache/certbot_apache/configurator.py.old 2018-01-19 05:16:48.965843221 +0700
++++ certbot-0.21.0/certbot-apache/certbot_apache/configurator.py 2018-01-19 05:35:24.916445040 +0700
+@@ -89,20 +89,20 @@
+ description = "Apache Web Server plugin - Beta"
+
+ OS_DEFAULTS = dict(
+- server_root="/etc/apache2",
+- vhost_root="/etc/apache2/sites-available",
+- vhost_files="*",
+- logs_root="/var/log/apache2",
+- version_cmd=['apache2ctl', '-v'],
+- apache_cmd="apache2ctl",
+- restart_cmd=['apache2ctl', 'graceful'],
+- conftest_cmd=['apache2ctl', 'configtest'],
++ server_root="/etc/httpd",
++ vhost_root="/etc/httpd/extra",
++ vhost_files="httpd-vhosts.conf",
++ logs_root="/var/log/httpd",
++ version_cmd=['apachectl', '-v'],
++ apache_cmd="apachectl",
++ restart_cmd=['apachectl', 'graceful'],
++ conftest_cmd=['apachectl', 'configtest'],
+ enmod=None,
+ dismod=None,
+- le_vhost_ext="-le-ssl.conf",
++ le_vhost_ext="",
+ handle_mods=False,
+ handle_sites=False,
+- challenge_location="/etc/apache2",
++ challenge_location="/etc/httpd",
+ MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
+ "certbot_apache", "options-ssl-apache.conf")
+ )
diff --git a/system/letsencrypt/letsencrypt.SlackBuild b/system/letsencrypt/letsencrypt.SlackBuild
index 5f9097d3c3e3a..b68a4159fb934 100644
--- a/system/letsencrypt/letsencrypt.SlackBuild
+++ b/system/letsencrypt/letsencrypt.SlackBuild
@@ -2,7 +2,7 @@
# Slackware build script for letsencrypt
-# Copyright 2015-2017 Willy Sudiarto Raharjo <willysr@slackbuilds.org>
+# Copyright 2015-2018 Willy Sudiarto Raharjo <willysr@slackbuilds.org>
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
@@ -24,7 +24,7 @@
PRGNAM=letsencrypt
SRCNAM=certbot
-VERSION=${VERSION:-0.19.0}
+VERSION=${VERSION:-0.21.0}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
@@ -73,6 +73,7 @@ find -L . \
sed -i "/'argparse',/d" setup.py
sed -i "/'argparse',/d" acme/setup.py
sed -i 's/apache2ctl/apachectl/' certbot-apache/certbot_apache/constants.py
+patch -p1 < $CWD/configurator.patch
for i in $(grep -ri /apache2 * | cut -d: -f1 | sort -u)
do
diff --git a/system/letsencrypt/letsencrypt.info b/system/letsencrypt/letsencrypt.info
index fd775f552cb42..605a4d6ff156b 100644
--- a/system/letsencrypt/letsencrypt.info
+++ b/system/letsencrypt/letsencrypt.info
@@ -1,10 +1,10 @@
PRGNAM="letsencrypt"
-VERSION="0.19.0"
+VERSION="0.21.0"
HOMEPAGE="https://letsencrypt.org/"
-DOWNLOAD="https://github.com/certbot/certbot/archive/v0.19.0/certbot-0.19.0.tar.gz"
-MD5SUM="3eeaceb7fe5b514807d8b7f4af57edc1"
+DOWNLOAD="https://github.com/certbot/certbot/archive/v0.21.0/certbot-0.21.0.tar.gz"
+MD5SUM="d95c4aca9e3e19f5c4a87975283245a4"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
-REQUIRES="configobj mock python-requests pytz python2-pythondialog zope.component pyrfc3339 psutil python-parsedatetime python-configargparse werkzeug ndg_httpsclient python-augeas pyparsing"
+REQUIRES="configobj mock python-requests pytz python2-pythondialog zope.component pyrfc3339 psutil python-parsedatetime python-configargparse werkzeug ndg_httpsclient python-augeas pyparsing josepy"
MAINTAINER="Willy Sudiarto Raharjo"
EMAIL="willysr@slackbuilds.org"