This is where I messed up before. Where you have used `hostname -f`, is the "-f" required along with the hostname, and does that hostname have to be the FQDN as set in the original server setup?
It has to be a fully qualified domain name (FQDN), but though I am using the one set in the original server setup, I am not so sure whether it "has to" be the same. The reason is there are two sides of this guide, one of which is access from the web and the other is access via non web. So far as the web side is concerned, another FQDN will be fine, so long as it is the same for the website and ISPC on port 8080. But I personally am not sure that is the same for access via the non web side. My concerns are mainly on postfix and dovecot, which many are using in running their mail server. However, I do think it could be possible but I haven't tested it. So if you have the luxury (time) to test that, you may do so, as it should be reversible if something goes wrong.
... and the "-f", is that part of the required input, i.e. server1.example.com -f, or should it just be server1.example.com? As I said, I'm being very careful.
You either type in `hostname -f` or server1.example.com. The result is the same because `hostname -f` is server1.example.com.
Any ideas why the images on my sites are not being secured? Could it have something to do with my DNS settings, as the warning does not show up on another site that is not on my DNS server? I am getting really horrible warnings from both Chrome and Edge that are likely to frighten visitors away from the sites. At this stage it's looking as though I may have to turn off SSL in Joomla to avoid the warning in Chrome and Edge. Also I notice that when I go back to one of my sites in ISPC it has unchecked Let's Encrypt SSL for some unknown reason. To see the warnings visit https://scm-rpg.com.au/ in either Edge or Chrome.
I already saw the warning and that is because one of your images (background) is linked to another unsecured domain / site. As such, it should not have anything to do with your DNS or other sites. Some browsers have the ability to check that so you may do the necessary replacement. Some Joomla plugins / addons can also secure that kind of image. For the unchecked LE SSL, do check your LE log.
I dug deeper and found the offending items to be in either the template itself or the modules of Joomla. Cheers!
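An added example (not part of the posts above, and not Joomla or ISPConfig code): a scan of template and module files for sub-resources loaded over plain http, which is what triggers the browser warning discussed here. The sample files, domains and the temporary directory are constructed; point `find_mixed_content` at your own template directory instead.

```bash
#!/bin/bash
# Added example: report http:// sub-resources in template/module files.
# <a href="http://..."> is navigation, not a page resource, so it is not reported.

find_mixed_content() {
    local dir="$1"
    # src/poster attributes, <link href>, and CSS url() that load over plain http
    local pat="((src|poster)=[\"']?|<link[^>]*href=[\"']?|url\\([\"']?)http://[^\"' )>]+"
    grep -rEnoi --include='*.php' --include='*.html' --include='*.css' \
        "$pat" "$dir" 2>/dev/null |
        sed -E 's#^([^:]+):([0-9]+):.*(http://.*)$#\1:\2: \3#' | sort
}

# Constructed sample tree standing in for a Joomla template directory.
make_sample() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/css"
    cat > "$d/index.php" <<'EOF'
<a href="http://partner.example.org/">partner link (not mixed content)</a>
<img src="https://cdn.example.com/logo.png">
<img src="http://images.example.net/banner.jpg">
EOF
    cat > "$d/css/template.css" <<'EOF'
body { background: url('http://images.example.net/bg.jpg') no-repeat; }
EOF
    echo "$d"
}

# Prints one "file:line: url" entry per insecure resource (two for the sample).
sample=$(make_sample)
find_mixed_content "$sample"
rm -rf "$sample"
```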
Code:
```
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.5 LTS
Release:        14.04
Codename:       trusty
```
But some time ago

Code:
```
apt-get -y install letsencrypt
```
this command was working (I have two identical servers with the same Ubuntu as above). I have one website with LE SSL.
That is how you install LE in the 16.04 guide, but you are using 14.04 for this server. So the correct one should be in step 11 here. You should update your ISPC thereafter to let it manage your LE.
I have the newest ISP and I used step 11 from the tutorial you posted. Unfortunately I didn't get this window on a blue background (and have no idea how to get this window) but a normal letsencrypt installation like in the tutorial for Ubuntu 16.04. Strange, isn't it?
It is not strange to me at all as I did read some of your earlier postings. For the time being I consider the output of "lsb_release -a" you posted above as the correct one unless you changed your system again. Step 11 in the guide I posted above, if you already did it, you just need to update your ISPC. This doesn't mean that your ISPC is not the latest but I personally think you need to update it so that ISPC can manage your LE creation and renewal properly.
I am good for beta-testing, said a professor at my university. I can exploit/break any software. All my problems on this forum are on ISP 3.1.2, Ubuntu 14.04 LTS. Everything is updated with the aptitude update and aptitude safe-upgrade commands.
I consider you do not need any support on this guide and you are all good to go with your servers. All the best then.
Yes, but very soon (1 month 9 days) the LE cert will expire. Then I will find out whether renewing the cert works. As I said earlier, I have one website under ISP on the server. I am curious whether it will work or not, because I didn't install letsencrypt like the tutorial says (I didn't get the window on a blue background, and there was a message to enter which domain should have an LE cert generated or press 'c' to abort).
If your cert expires in 1 month and 9 days, you'll know how it works in about 9 days, since LE renews certs 1 month before they expire.
Yes, you are right, but I need a backup way if the cert does not renew automatically. This forum is my mine of knowledge and I think I should know the answer before the problem appears, but I know too that people are not on duty here 24/7.
10 days before a cert expires and if it hasn't been renewed, LE servers will send out a notification by email.
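An added example (not part of the posts above): a check that classifies a certificate against the two timings stated in this thread, renewal one month (taken here as 30 days) before expiry and the reminder email at 10 days, so a failed renewal is noticed before the certificate lapses. The state names are made up for this sketch, the certificate path follows the `/etc/letsencrypt/live/` layout used elsewhere in the thread, and GNU `date` is assumed.

```bash
#!/bin/bash
# Added example: classify a certificate against the timings given in the thread:
# renewal is expected 30 days before expiry, the reminder email at 10 days.

# days_left "<notAfter string>" [now_epoch] -> whole days until expiry, -1 if past
days_left() {
    local end now diff
    end=$(date -u -d "$1" +%s) || return 1    # GNU date parses openssl's format
    now=${2:-$(date -u +%s)}
    diff=$(( end - now ))
    if [ "$diff" -lt 0 ]; then echo -1; else echo $(( diff / 86400 )); fi
}

# renewal_state <days> -> expired | reminder-window | renewal-due | ok
# (state names are hypothetical, chosen for this example)
renewal_state() {
    local d="$1"
    if   [ "$d" -lt 0 ];  then echo expired
    elif [ "$d" -le 10 ]; then echo reminder-window   # renewal has clearly failed
    elif [ "$d" -le 30 ]; then echo renewal-due       # should renew about now
    else                       echo ok
    fi
}

# cert_state <pem file>: read notAfter from a certificate file and classify it
cert_state() {
    local not_after
    not_after=$(openssl x509 -noout -enddate -in "$1" | cut -d= -f2) || return 1
    renewal_state "$(days_left "$not_after")"
}

# Assumed path: the live directory named after the server's FQDN
cert="/etc/letsencrypt/live/$(hostname -f 2>/dev/null)/cert.pem"
if [ -f "$cert" ]; then
    echo "$cert: $(cert_state "$cert")"
fi
```

Run from cron, any state other than `ok` or a short-lived `renewal-due` is the cue to look at the LE log.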
A few weeks back I did test running multiple inotifywait clients and they do all continue running, so the initial "run inotifywait from daily cronjob" is not good; the modified "start inotifywait from init scripts" would be better, as long as it doesn't ever die.

What I'm actually using for pure-ftpd at the moment is the below script, run from a cronjob; rather than testing file timestamps it actually compares the certificate serial number handed out by the ftp daemon with the most recent file, and recreates the certificate file/restarts pure-ftpd if they differ. Save this as /usr/local/sbin/letsencrypt-for-pure-ftpd.sh:

Code:
```
#!/bin/bash

# letsencrypt-for-pure-ftpd.sh: compares the ssl certificate/key used by pure-ftpd
# with the current certificate/key issued by letsencrypt and copies the latter
# to the former if they differ.

# this can be run as a cronjob to propagate letsencrypt certificate changes
# to pure-ftpd

# the combined file holds the private key: never create it world-readable
umask 027

PUREFTPD_CERT=/etc/ssl/private/pure-ftpd.pem

LE_DIR=/etc/letsencrypt/live/`hostname -f`
LE_CA=${LE_DIR}/chain.pem
LE_CERT=${LE_DIR}/cert.pem
LE_FULLCHAIN=${LE_DIR}/fullchain.pem
LE_KEY=${LE_DIR}/privkey.pem

OPENSSL=`which openssl 2>/dev/null | head -1`

# Check if letsencrypt has been setup
if [ ! -f ${LE_CA} -o ! -f ${LE_CERT} -o ! -f ${LE_FULLCHAIN} -o ! -f ${LE_KEY} ]
then
    echo "Letsencrypt files not found. You must setup letsencrypt and issue a certificate first." 1>&2
    exit 0
fi

# Check openssl binary exists
# (quoted, so an empty result from `which` is caught instead of slipping through)
if [ ! -f "${OPENSSL}" ]
then
    echo "Cannot find openssl. Exiting." 1>&2
    exit 1
fi

# setup_cert() copies/formats the letsencrypt files for pure-ftpd
function setup_cert() {
    cat ${LE_KEY} ${LE_FULLCHAIN} > ${PUREFTPD_CERT}
    chown root:ssl-cert ${PUREFTPD_CERT}
    chmod 640 ${PUREFTPD_CERT}
}

# restart pure-ftpd if it is running
function restart_pureftpd_if_running() {
    /etc/init.d/pure-ftpd-mysql status 2>/dev/null >/dev/null
    if [ $? -eq 0 ]
    then
        /etc/init.d/pure-ftpd-mysql restart >/dev/null
    fi
}

if [ ! -f ${PUREFTPD_CERT} ]
then
    setup_cert && restart_pureftpd_if_running
else
    # check if keys/certificates changed: key modulus, serial of the file on disk,
    # and serial of the certificate the running daemon actually serves
    le_modulus=`${OPENSSL} rsa -noout -modulus -in ${LE_KEY} | md5sum`
    pureftpd_modulus=`${OPENSSL} rsa -noout -modulus -in ${PUREFTPD_CERT} | md5sum`

    le_serial=`${OPENSSL} x509 -noout -serial -in ${LE_CERT}`
    pureftpd_file_serial=`${OPENSSL} x509 -noout -serial -in ${PUREFTPD_CERT}`
    pureftpd_running_serial=`${OPENSSL} s_client -connect localhost:21 -starttls ftp </dev/null 2>/dev/null | ${OPENSSL} x509 -serial -noout`

    if [ "${le_modulus}" != "${pureftpd_modulus}" -o "${le_serial}" != "${pureftpd_file_serial}" -o "${le_serial}" != "${pureftpd_running_serial}" ]
    then
        setup_cert && restart_pureftpd_if_running
    fi
fi

exit 0
```

Make that script executable, and the cronjob is as simple as:

Code:
```
# chmod +x /usr/local/sbin/letsencrypt-for-pure-ftpd.sh
# echo '25 3 * * * root /usr/local/sbin/letsencrypt-for-pure-ftpd.sh' >> /etc/cron.d/letsencrypt-restarts
```
Nice tips @Jesse Norell. Note that I changed the inotify script from archive and privkey1 to live and privkey, as LE will create new SSL files with a new number in archive on each renewal while the symlinks in live will also be updated.