Let's Encrypt
08 Nov 2015
Let's Encrypt is an awesome new project that will enable automated SSL cert deployments, which will make life as a sysadmin much easier.
I've issued my first certificates under the beta testing of the Let's Encrypt project. The certificates can be viewed at https://sks.mj2.uk and https://pgp.mj2.uk.
From code checkout to the issuing of the certs took me a couple of hours. The hiccups I had were 1. with the various library dependencies, 2. with a header request on the auth request. For the libraries I spawned a new CentOS 7 VM, performed a yum update and had no issues. For the header request I had to ensure the Content-Type header returned text/plain without a charset.
CentOS 7 Working Client
[mike@test1005 letsencrypt]$ cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)
[mike@test1005 letsencrypt]$ python --version
Python 2.7.5
[mike@test1005 letsencrypt]$ ./letsencrypt-auto
IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to mj@mikejonesey.co.uk.
- The following 'connection' errors were reported by the server:
Domains: sks.mj2.uk
Error: The server could not connect to the client for DV
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address. Additionally, please check that
your computer has a publicly routable IP address and that no
firewalls are preventing the server from communicating with the
client.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
This was followed by the error;
No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually
[mike@test1005 letsencrypt]$ ls /etc/letsencrypt/
accounts csr keys renewal
./letsencrypt-auto -a manual -d sks.mj2.uk --agree-dev-preview auth
At this point there is a small amount of text output that will inform you of a token and where to place the token on your web server. This token must be available with the exact header Content-Type: text/plain (not Content-Type: text/plain; charset: UTF8)
[mike@test1005 letsencrypt]$ ls /etc/letsencrypt/
accounts archive csr keys live renewal
The certificate was issued and can be viewed here;
https://crt.sh/?id=10544134
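The Content-Type requirement on the token described above can be checked before asking the CA to validate. The following is an added example, not code from the original post or from the Let's Encrypt client: it serves a constructed token on loopback and reports whether the response carries a bare text/plain header. It is written for Python 3, and the challenge path, token body and function names are assumptions.

```python
import http.client
import http.server
import threading

# Constructed sample values; the real path and token come from the client output.
TOKEN_PATH = "/.well-known/acme-challenge/EXAMPLE-TOKEN"
TOKEN_BODY = b"EXAMPLE-TOKEN-CONTENT"

class TokenHandler(http.server.BaseHTTPRequestHandler):
    content_type = "text/plain"  # replaced per server in serve()

    def do_GET(self):
        if self.path != TOKEN_PATH:
            return self.send_error(404)
        self.send_response(200)
        self.send_header("Content-Type", self.content_type)
        self.send_header("Content-Length", str(len(TOKEN_BODY)))
        self.end_headers()
        self.wfile.write(TOKEN_BODY)

def serve(content_type):
    """Start a loopback server that answers with the given Content-Type."""
    handler = type("Handler", (TokenHandler,), {"content_type": content_type})
    server = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def check_token(port, path=TOKEN_PATH, expected=TOKEN_BODY):
    """Return (ok, header): ok needs HTTP 200, a bare text/plain and the right body."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        header, body = resp.getheader("Content-Type", ""), resp.read()
    finally:
        conn.close()
    ok = resp.status == 200 and header.strip().lower() == "text/plain" and body == expected
    return ok, header

def demo(content_type):
    server = serve(content_type)
    try:
        return check_token(server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for ct in ("text/plain", "text/plain; charset=UTF-8"):
        print(ct, "->", demo(ct))
```

Against a real web server, point the same check at its host and port to confirm the header before re-running the client.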
CentOS 6, failed attempt; pastelog
[mike@test1001 letsencrypt]$ cat /etc/issue
CentOS release 6.6 (Final)
Kernel \r on an \m
python setup.py egg_info
Updating letsencrypt and virtual environment dependencies.....Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-Q2xo5B/ConfigArgParse
sudo yum install python-pip
sudo pip install --upgrade setuptools
sudo yum update (test box, don't care...)
[mike@test1001 letsencrypt]$ cat /etc/issue
CentOS release 6.7 (Final)
Kernel \r on an \m
[mike@test1001 letsencrypt]$ sudo pip install --upgrade setuptools
You are using pip version 7.1.0, however version 7.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Requirement already up-to-date: setuptools in /usr/lib/python2.6/site-packages
sudo pip install requests[security]
[mike@test1001 letsencrypt]$ sudo pip install --upgrade setuptools
/usr/lib64/python2.6/site-packages/cryptography/__init__.py:25: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python.
DeprecationWarning
You are using pip version 7.1.0, however version 7.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Requirement already up-to-date: setuptools in /usr/lib/python2.6/site-packages
sudo pip install --upgrade pip
[mike@test1001 letsencrypt]$ ./letsencrypt-auto
Updating letsencrypt and virtual environment dependencies.....Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-T45S6p/ConfigArgParse
sudo easy_install -U setuptools
[mike@test1001 letsencrypt]$ ./letsencrypt-auto
...
wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py
wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py
python ez_setup.py
sudo pip install django
[mike@test1001 letsencrypt]$ ./letsencrypt-auto
Updating letsencrypt and virtual environment dependencies.../home/mike/.local/share/letsencrypt/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
./home/mike/.local/share/letsencrypt/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
./home/mike/.local/share/letsencrypt/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-jTLw4q/ConfigArgParse
sudo pip install requests==2.5.3
sudo python ez_setup.py install virtualenvwrapper
....