Lets Encrypt

LetsEncrypt
On CentOS 7, enable the optional channel for the EPEL repository:

yum -y install yum-utils
yum -y install epel-release

Then install certbot:

yum install certbot

Pound as SSL proxy
Edit /usr/local/etc/pound.cfg to redirect Certbot verifications:

Service
    URL      "^/\.well-known.*?$"
    BackEnd
      Address 127.0.0.1
      Port    8080
    End
  End

Restart Pound (svc -t /service/pound and test getting a certificate:

certbot certonly --dry-run -d test.domain.com --webroot -w /var/websites/private/htdocs

If doesn't work, fix Pound config, then get a certificate:

certbot certonly -d test.domain.com --webroot -w /var/websites/private/htdocs

Pound needs the cert components in one .pem file:

cd /etc/letsencrypt/live/test.domain.com
cat privkey.pem fullchain.pem > combined-for-pound.pem
chmod 400 combined-for-pound.pem

Create the HTTPS config for Pound:

ListenHTTPS
  Address xxx.xxx.xxx.xxx
  Port    443
  Disable SSLv2
  Disable SSLv3
  Cert    "/etc/letsencrypt/live/test.domain.com/combined-for-pound.pem"
  SSLHonorCipherOrder 1
  Ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"

Service HeadRequire "Host:.*test.domain.com.*" BackEnd Address 127.0.0.1 Port 8080 End End End

Create a renewal-hook in /etc/letsencrypt/renewal-hooks/deploy/combine-certs-for-pound.sh to automatically combine the certifcate files for Pound:

#!/bin/sh
privkey="$RENEWED_LINEAGE/privkey.pem"
fullchain="$RENEWED_LINEAGE/fullchain.pem"
combined="$RENEWED_LINEAGE/combined-for-pound.pem"

cat "$privkey" "$fullchain" > "$combined" chmod 400 $combined svc -t /service/pound

Make it executable:

chmod ugo+x /etc/letsencrypt/renewal-hooks/deploy/combine-certs-for-pound.sh

Recent Updates

Apache

2 years 3 days ago
Apache

2 years 3 days ago
lighttpd

2 years 5 days ago

php 8.x
MariaDB

2 years 1 week ago

10.6.7
CentOS

2 years 1 week ago

Drop Centos 5/6 stuff

Recent Links

SquidGuard

SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free.
NCurses Disk Usage

A disk usage analyzer with an ncurses interface, aimed to be run on a remote server where you don't have an entire gaphical setup, but have to do with a simple SSH connection. ncdu aims to be fast, simple and easy to use, and should be able to run in any minimal POSIX-like environment with ncurses installed.
WPKG

WPKG is an automated software deployment, upgrade and removal program for Windows.

It can be used to push/pull software packages, such as Service Packs, hotfixes, or program installations from a central server (for example, Samba or Active Directory) to a number of workstations.

It can run as a service to install software in the background (silent install), without user interaction.

It can install MSI, InstallShield, PackagefortheWeb, Inno Setup, Nullsoft, other software installers or .exe packages, .bat and .cmd scripts and similar: no more repackaging to perform software installation.

WPKG is open source software.
opsi

opsi (Open PC Server Integration) the Open Source client management system
Vagrant

Vagrant is a tool for building complete development environments. With an easy-to-use workflow and focus on automation, Vagrant lowers development environment setup time, increases development/production parity, and makes the "works on my machine" excuse a relic of the past.

Main menu

You are here

Lets Encrypt

Recent Updates

Recent Links