Tag Archives: Ubuntu

Getting a cert from LetsEncrypt.org

This post explains how to get your first certificate from letsencrypt.org. Anyone can get a free and valid certificate for any domain they own. The following steps have been tested on a fresh install of Ubuntu 14.04.

Getting the software

Let’s start with installing git. This is required to get the letsencrypt software. Note that I have been running all commands as root. Maybe this is not required for all steps, but since some of the following commands are installing software, you’ll need to have root rights for those steps.

root@certserver:~# apt-get install git

Git and all of its dependencies will now install. When finished, we use git to fetch the latest version of letsencrypt.

root@certserver:~# git clone https://github.com/letsencrypt/letsencrypt
Cloning into 'letsencrypt'...
remote: Counting objects: 25493, done.
remote: Compressing objects: 100% (45/45), done.
remote: Total 25493 (delta 21), reused 0 (delta 0), pack-reused 25448
Receiving objects: 100% (25493/25493), 6.72 MiB | 2.91 MiB/s, done.
Resolving deltas: 100% (17859/17859), done.
Checking connectivity... done.
root@certserver:~#

Now change directory and execute the main install script.

root@certserver:~# cd letsencrypt/
root@certserver:~/letsencrypt# ./letsencrypt-auto

This will take some time and install lots of packages. After a few minutes the installation finished, and these were the last 2 lines printed.

Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt
No installers seem to be present and working on your system; fix that or try running letsencrypt with the "certonly" command

The message is displayed because no supported webserver is installed on my server. In my case that’s normal as I did not install Apache or Nginx on this freshly installed server. My only goal was to get certificates for my domain and that can be accomplished with the “certonly” command.

Requesting your first certificates

Note that I added the “-t” option to stay in text mode instead of ncurses, just to make it easier to copy and paste the output into this document.

root@certserver:~/letsencrypt# ./letsencrypt-auto certonly -t
Enter email address (used for urgent notices and lost key recovery) (Enter 'c'
to cancel):

Give them your email address. Next you’ll have to read and agree to the Terms of Service. After you accept the ToS, pay attention to the most important step of the process: entering your domain names.

Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):

I suggest listing all domains for which you would like to request a certificate. In my case this would be

rivy.org www.rivy.org mail.rivy.org webmail.rivy.org

If all went fine, you’ll see the following message.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/rivy.org/fullchain.pem. Your cert will
   expire on 2016-03-09. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - If like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@certserver:~/letsencrypt#

Possible errors

Failed authorization procedure. mail.rivy.org (tls-sni-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Correct zName not found for TLS SNI challenge.

If you get this error, check these 2 things:

  • Does the domain name resolve to the IP address of the server?
  • Is the server reachable on port 80 and 443 from the internet?

Both are required to verify ownership of the domain. And obviously you need to control the domain to get a cert from letsencrypt.org.
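The first of those checks can be scripted and run before requesting the certificate. This is an added example, not part of the original post; the function names are hypothetical, it looks at IPv4 (A) records only, and it does not test port reachability, which has to be checked from a host outside your network.

```shell
#!/usr/bin/env bash
# Added example: DNS pre-flight for the "Failed authorization" error above.
# Function names are assumptions for illustration, not letsencrypt code.

# Print the IPv4 addresses a name resolves to, one per line.
# Kept separate so it can be replaced by dig or by a stub in tests.
resolve_a() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# check_domain <domain> <server_ip>
# Returns 0 only if the name resolves and every A record is the
# server's address. A stray record pointing elsewhere makes the
# ownership check fail whenever the CA connects to that address.
check_domain() {
    local domain="$1" server_ip="$2" ips ip
    ips=$(resolve_a "$domain")
    if [ -z "$ips" ]; then
        echo "FAIL $domain: does not resolve"
        return 1
    fi
    for ip in $ips; do
        if [ "$ip" != "$server_ip" ]; then
            echo "FAIL $domain: resolves to $ip, expected $server_ip"
            return 1
        fi
    done
    echo "OK   $domain -> $server_ip"
}

# check_all <server_ip> <domain>...
# Checks every domain (no early exit) and returns the failure count.
check_all() {
    local server_ip="$1" failures=0 d
    shift
    for d in "$@"; do
        check_domain "$d" "$server_ip" || failures=$((failures + 1))
    done
    return "$failures"
}

# Usage: ./preflight.sh <server_public_ip> <domain>...
if [ "$#" -ge 2 ]; then
    check_all "$@"
fi
```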

Using mod_spdy with Apache 2.4 on Ubuntu 14.04

    This post explains how to start using mod_spdy with Apache 2.4 on Ubuntu 14.04. A previous post explains how to build mod_spdy.

    Getting mod_spdy

    mod_spdy is not available for Apache 2.4.7 on Ubuntu 14.04. You can compile it yourself using this post. Or you can download the compiled files here.

    Stopping apache2

    Before we start moving files and reconfiguring apache2, we stop it.

     $ sudo service apache2 stop

    Moving files


Build mod_spdy with Apache 2.4 on Ubuntu 14.04

    This howto explains how to build mod_spdy with Apache 2.4 on Ubuntu 14.04 (Trusty Tahr). You can also download mod_spdy for Ubuntu 14.04 on this page.

    Preparing the build environment

    rivy@buildhost:~/mod-spdy$ sudo apt-get -y install git g++ apache2 libapr1-dev libaprutil1-dev patch binutils make devscripts

    Cloning the 2.4.7 branch

    It’s important that we specify the correct branch. The master branch contains the code that works with Apache 2.4.10. Since Ubuntu 14.04 is still using Apache 2.4.7, make sure to specify the apache-2.4.7 branch.

    rivy@buildhost:~/mod-spdy$ git clone -b apache-2.4.7 https://github.com/eousphoros/mod-spdy.git

    Once you have downloaded the branch, you should be able to change directory to it.

    rivy@buildhost:~/mod-spdy$ cd mod-spdy/src
    rivy@buildhost:~/mod-spdy/mod-spdy/src$

    Building mod_spdy
