author Willy Sudiarto Raharjo <willysr@slackbuilds.org> 2017-05-14 09:55:23 +0700
committer Willy Sudiarto Raharjo <willysr@slackbuilds.org> 2017-05-14 09:55:23 +0700
commit ab1467ceae85394831df6ac5c7c27e03171ddd17
tree 026669215b44d7bed13ab007815aca020c8ab6af
parent 0a30773f34ce830bf4864e3280d7fdbc2d7b10c7
system/letsencrypt: Enable Apache Plugin.

Thanks to Eric Pratt.

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
-rw-r--r-- system/letsencrypt/README.Slackware 36
-rw-r--r-- system/letsencrypt/letsencrypt.SlackBuild 16
2 files changed, 32 insertions, 20 deletions
diff --git a/system/letsencrypt/README.Slackware b/system/letsencrypt/README.Slackware
index 4a2e7e15fd5..1299b7a1fb0 100644
--- a/system/letsencrypt/README.Slackware
+++ b/system/letsencrypt/README.Slackware
@@ -1,12 +1,12 @@
-PLUGIN SUPPORT
+PLUGINS SUPPORT
letsencrypt support five plugins to obtain/install certificates and many more to come in the future.
-However, we will only cover standalone plugin because apache plugin only works on Debian-based OS for now
-and nginx is still considered very experimental.
+However, we will only cover standalone and apache plugin. Using apache plugin is the recommended way
+as it doesn't require the webserver to be taken offline causing downtime during validation.
-OBTAINING CERTIFICATE USING STANDALONE PLUGIN
-Since Slackware is not yet supported, instead of running "letsencrypt-auto certonly"
-as instructed, you can run "letsencrypt certonly" to install certificates manually using standalone plugin.
+All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>
+Once certificate is created, you need to enable SSL module in httpd.conf and configure httpd-ssl.conf
+OBTAINING CERTIFICATE USING STANDALONE PLUGIN
Here's what i use to create a certificate using port 443 for domain validation
certbot certonly --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \
--email <ADMIN-EMAIL> --renew-by-default --agree-tos --text --standalone
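Review bot: The added line "All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>" carries the "spesific" typo over from the line it replaces, and since the next added line sends the reader to httpd-ssl.conf, it would help to say which files in that directory the certificate and key directives should point to. In the added sentence above it, "standalone and apache plugin" should read "plugins".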
@@ -19,16 +19,22 @@ with
NOTE:
You need to make sure that the port (80 or 443) is NOT USED before running above command (ie. you may need to
temporarily stop your exising webserver)
-All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>
-Once certificate is created, you need to enable and configure httpd-ssl.conf
+OBTAINING CERTIFICATE USING APACHE PLUGIN
+Thanks to Eric Pratt, certbot/letsencrypt's Apache Plugin is now working well with Slackware.
+
+Here's what i use to create a certificate using port 443 for domain validation
+certbot certonly --apache --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \
+--email <ADMIN-EMAIL> --renew-by-default --agree-tos --text
RENEWAL PROCESS
-Best way is to use a simple bash script that perform following actions:
-- turn off httpd service
-- give some delay (2s is enough)
-- run the above command to renew automatically
-- start httpd service
+Best way to automate the certificate renewal is by using cron service.
+Create a bash script in /etc/cron.d/monthly that does the following actions (depending on which plugin you used):
+Standalone: - turn off httpd service
+ - give some delay (2s is enough)
+ - run the same command generate the certificate to renew automatically
+ - start httpd service
+Apache Plugin: run the same command to generate the certificate to renew automatically
RATE LIMIT
Rate limit on registrations per IP is now 500 per 3 hours.
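Review bot: In the RENEWAL PROCESS text, "/etc/cron.d/monthly" looks like a slip for /etc/cron.monthly: cron.d holds crontab-format entries, so a bash script placed there as described would not be executed as a script. In the new Apache example, --webroot-path=<DOCUMENT-ROOT> is copied from the standalone command and belongs to the webroot authenticator, so it can be dropped next to --apache. Both examples pass --renew-by-default, so rerunning "the same command" from cron reissues the certificate on every run, which is worth stating given the RATE LIMIT section that follows. The standalone step also reads "run the same command generate", missing "to".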
@@ -56,8 +62,8 @@ rsa-key-size = 4096
# Uncomment to use a text interface instead of ncurses
# text = True
-# Uncomment to use the standalone authenticator on port 443
-# authenticator = standalone
+# Uncomment to use the standalone or apache authenticator on port 443
+# authenticator = standalone / apache
# preferred-challenges = tls-sni-01
# Uncomment to use the webroot authenticator. Replace webroot-path with the
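Review bot: The new sample line "# authenticator = standalone / apache" is not a usable value once uncommented, since a reader who removes the "#" sets the authenticator to the literal string "standalone / apache". Split it into two commented lines, one per authenticator, and reword the comment above to say that only one of them should be uncommented.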
diff --git a/system/letsencrypt/letsencrypt.SlackBuild b/system/letsencrypt/letsencrypt.SlackBuild
index ceefe5f90ba..83735362816 100644
--- a/system/letsencrypt/letsencrypt.SlackBuild
+++ b/system/letsencrypt/letsencrypt.SlackBuild
@@ -25,7 +25,7 @@
PRGNAM=letsencrypt
SRCNAM=certbot
VERSION=${VERSION:-0.14.0}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
TAG=${TAG:-_SBo}
if [ -z "$ARCH" ]; then
@@ -72,6 +72,12 @@ find -L . \
sed -i "/'argparse',/d" setup.py
sed -i "/'argparse',/d" acme/setup.py
+sed -i 's/apache2ctl/apachectl/' certbot-apache/certbot_apache/constants.py
+
+for i in $(grep -ri /apache2 * | cut -d: -f1 | sort -u)
+do
+ sed -i 's/\/apache2/\/httpd/' $i
+done
# install acme-protocol first
cd acme
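Review bot: The added for loop word-splits the grep output and passes $i to sed unquoted, so a path containing whitespace, or a "Binary file ... matches" line from grep (which has no colon for cut to split on), becomes bogus file arguments to sed -i. grep -i is also case-insensitive while the sed expression is case-sensitive and has no g flag, so a file can be selected and then left partly or wholly unchanged. Suggest grep -rlZ /apache2 certbot-apache | xargs -0 sed -i 's|/apache2|/httpd|g', and consider whether the rewrite really needs to cover the whole tree ("*") rather than only the certbot-apache directory that the preceding sed line already targets.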
@@ -79,17 +85,17 @@ python setup.py install --root=$PKG
# install letsencrypt client
cd ..
-
python setup.py install --root=$PKG
# this plugins are not working for Slackware yet, but we will keep it here
# install apache plugin
-#cd letsencrypt-apache
-#python setup.py install --root=$PKG
+cd certbot-apache
+python setup.py install --root=$PKG
+cd ..
# install nginx plugin
-#cd ../letsencrypt-nginx
+#cd ../certbot-nginx
#python setup.py install --root=$PKG
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
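Review bot: The context comment "# this plugins are not working for Slackware yet, but we will keep it here" now sits directly above an enabled apache install, so it should move down to the nginx block or be reworded to cover nginx only. The commented line "#cd ../certbot-nginx" also assumes the script is still inside a plugin directory; with the new "cd .." after the apache install it would need to be "cd certbot-nginx" if it is ever enabled.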