going bonkers over letsencrypt
4 December 2018, 22:54
each time i set up a new letsencrypt certificat for my test vps i run into issues
despite my rave review of letsencrypt as supplied with hiawatha i now get a timeout, before it was unclear if the script would also generate the san for all virtualhostname entries in hiawatha.conf

so, i switched to using to find it works quite well and quite easily, i just cannot figure out how to get the certificates generated to work with hiawatha

4 December 2018, 23:42
okay, found it, it is working

helpful resource: (explains how the PEM cert is constructed)

## on Linux / BSD
# download most recent

chmod a+x

# install into ~/
./ --install --accountemail youraddress@email.tld

# generate a certificate
./ --issue -d domain.tld -d www.domain.tld -d blog.domain.tld -d stats.domain.tld --standalone --keystrength ec-256

cd ~/

cat domain.tld_ecc/domain.tld.key > /usr/local/etc/hiawatha/tls/domain.tld.key
cat domain.tld_ecc/domain.tld.cer >> /usr/local/etc/hiawatha/tls/domain.tld.key
cat domain.tld_ecc/ca.cer >> /usr/local/etc/hiawatha/tls/domain.tld.key

## just for sakes of checking, notice th fullchain.cer is also not identical to the domain.tld.key file
diff domain.tld_ecc/fullchain.cer /usr/local/etc/hiawatha/tls/domain.tld.key
5 December 2018, 22:47
Just to be clear, it's probably me, but i could not find the issue just gives a lot of control and is eventually workable and reproducible in effect
5 December 2018, 23:25
ignore whatever i said, i need to take time and study letsencrypt (teeths grinding)
Hugo Leisink
6 December 2018, 11:38
That's the case for many people.
Allowed BBcodes: