Author:
erics , July 15th, 2020
sudo chgrp grafana / etc / letsencrypt / archive / www . yourdomain . com / privkey1 . pem
sudo chmod g + r / etc / letsencrypt / archive / www . yourdomain . com / privkey1 . pem
sudo vi / etc / grafana / grafana . ini
sudo service grafana - server restart
[ server ]
# Protocol (http, https, socket)
; protocol = http
protocol = https
# https certs & key file
; cert_file =
; cert_key =
cert_file = / etc / letsencrypt / archive / www . yourdomain . com / fullchain1 . pem
cert_key = / etc / letsencrypt / archive / www . yourdomain . com / privkey1 . pem
Categories: How-To's , Technology Tags: cert , certificate , Certs , chgrp , chmod , Enable , Existing , Grafana , Grafana Server , howto , https , LetsEncrypt , Restart , service , ssl , sudo , tips
| No comments
Author:
erics , May 6th, 2020
I ran letsencrypt-auto renew and got the following error:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
root @ prod06b : / etc / httpd / conf . d # /root/letsencrypt/letsencrypt-auto renew
Error : couldn 't get currently installed version for / opt / eff . org / certbot / venv / bin / letsencrypt :
Traceback ( most recent call last ) :
File "/opt/eff.org/certbot/venv/bin/letsencrypt" , line 7 , in < module >
from certbot . main import main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py" , line 2 , in < module >
from certbot . _internal import main as internal_main
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/_internal/main.py" , line 10 , in < module >
import josepy as jose
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py" , line 41 , in < module >
from josepy . interfaces import JSONDeSerializable
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py" , line 7 , in < module >
from josepy import errors , util
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py" , line 7 , in < module >
import OpenSSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py" , line 8 , in < module >
from OpenSSL import crypto , SSL
File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py" , line 12 , in < module >
from cryptography import x509
ImportError : No module named cryptography
The solution in this article gave me the answer:
sudo rm - rf / opt / eff . org / *
sudo pip install - U certbot
sudo certbot renew -- debug
Turns out Python was old at version 2.7, so did the following also:
sudo yum - y install python36
sudo alternatives -- config python
sudo pip install -- upgrade pip
Also had to change the cron job script to call certbot directly instead of letsencrypt-auto : vi /root/letsencrypt-cron.sh
#!/bin/sh
#
# letsencrypt-cron.sh
#
#OLD: if ! /root/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then
#NEW:
if ! / usr / bin / certbot renew > / var / log / letsencrypt / renew . log 2 > & 1 ; then
echo Automated renewal failed :
cat / var / log / letsencrypt / renew . log
exit 1
fi
apachectl graceful
Categories: How-To's , Technology Tags: AWS , AWS Linux , cert , Certbot , howto , Install , Linux , pip , Python , Renew , ssl , tips , upgrade , Yum
| No comments
Author:
erics , March 28th, 2013
https://help.ubuntu.com/community/EC2APITools https://help.ubuntu.com/community/Repositories/CommandLine#Adding_the_Universe_and_Multiverse_Repositories As root in /root: vim /etc/apt/sources.list ## Added to the bottom: deb http://us.archive.ubuntu.com/ubuntu/ hardy multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ hardy multiverse deb http://us.archive.ubuntu.com/ubuntu/ hardy-updates multiverse deb-src http://us.archive.ubuntu.com/ubuntu/ hardy-updates multiverse apt-get update apt-get install sun-java5-jre apt-get install unzip wget http://s3.amazonaws.com/ec2-downloads/ec2-api-tools-1.3-34128.zip unzip ec2-api-tools-1.3-34128.zip export EC2_HOME=/root/ec2-api-tools-1.3-34128 export PATH=$PATH:$EC2_HOME/bin mkdir .pem Copy downloaded X.509 private key and cert into […]
Categories: How-To's , Technology Tags: AWS , cert , EC2 , Export , Hardy , Java , Multiverse , private key , RDS , Ubuntu
| No comments
Author:
erics , February 16th, 2011
yum install mod_ssl vim /etc/httpd/conf.d/ssl.conf If you got a sign certificate from Thawt, is may be in a signed bundle in PKCS #7 format. Look for this at the top: —–BEGIN PKCS #7 SIGNED DATA—– To extract the cert that you will need for Apache, run the following command: openssl pkcs7 -print_certs -in signed_bundle.pkcs7 Your […]
Categories: How-To's , Technology Tags: apache , Apache2 , cert , certificate , Hints , howto , mod_ssl , openssl , PKCS7 , ssl , Thawt , tips , Yum
| No comments
Author:
erics , January 28th, 2011
Create the private key file key.pem: # openssl genrsa -out key.pem 2048 Create the Certificate Signing Request (CSR) file req.pem: # openssl req -new -key key.pem -out req.pem When it asks for the common name, be sure to enter the full hostname of your server as used in the URL, like www.yourserver.com. This will create […]
Categories: How-To's , Technology Tags: cert , cert.pem , certificate , Certificate Signing Request , CSR , key.pem , openssl , req.pem
| No comments
Author:
erics , October 16th, 2009
Got the client’s web server to accept secure connections via SSL. I configured Apache httpd.conf properly so it used the right certificate file and it finally started working. I love lsof – what a great tool. Naomi just got home. Time for some TLC for her.
Categories: Technology Tags: .pem , apache , cert , http , httpd , https , ssl
| No comments
Author:
erics , October 16th, 2009
Need to find the client’s SSL cert – anyone seen it?
Categories: Business , Rants , Technology Tags: 443 , apache , cert , certificate , httpd , https , ssl
| No comments