Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#25 2017-08-26 10:40:11

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Hi jp

I started by checking the WF forum post that you linked to but WF support directed me to another method which I find confusing.

Thanks for the 3 easy steps reminder. I’ll look into it.


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#26 2017-08-27 06:34:10

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,090
Website GitHub Mastodon Twitter

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Could somebody please shed some light re my question here?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#27 2017-08-28 06:13:17

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,726
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

colak wrote #306731:

Could somebody please shed some light re my question here?

I’m not expert enough on ruby, but presumably for the System Ruby method, you can use uninstall in place of install, but use the entire command as given on the GitHub page to ensure you’re working with the relevant ruby installation locations:

GEM_HOME=$HOME/.letsencrypt_webfaction/gems RUBYLIB=$GEM_HOME/lib gem2.2 uninstall letsencrypt_webfaction

I can’t comment on the RBenv way, but if you had already done the System Ruby method, you don’t need the RBenv as well. As I understand it, the instructions are either/or.

Before you do that, try updating you existing letsencrypt_webfaction installation. The command is identical to running the install command a second time.

Did you try running the command under Testing and then looking in the webfaction admin area at SSL certificates? Running the command showed no output in the terminal (= success) and the test certificate appeared in the webfaction admin area (after revisiting the page). If you get that far, you should be ready to go with the rest.

One thing that was mentioned in one of the other tutorials is that the letsencrypt_account_email you use should be associated with your webfaction account.

EDIT: here and here are some notes about uninstalling rbenv if you used that method.


TXP Builders – finely-crafted code, design and txp

Offline

#28 2017-08-28 06:33:21

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,091
Website Mastodon

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

colak wrote #306731:

Could somebody please shed some light re my question here?

PS the latest from Webfaction:
“Our development team are working on implementing Let’s Encrypt to WebFaction control panel, but there is no ETA for this yet”.


…. texted postive

Offline

#29 2017-10-01 16:26:43

jpdupont
Member
Registered: 2004-10-01
Posts: 752

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Yannis,
Have you been able to install your certificates? I just tried the method recommended by Webfaction successfully, after a bug fixed by the author of the script.

If you need it, can I provide you with a step-by-step tutorial.

Last edited by jpdupont (2017-10-01 16:27:06)

Offline

#30 2017-10-02 01:27:54

bici
Member
From: vancouver
Registered: 2004-02-24
Posts: 2,091
Website Mastodon

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

jpdupont wrote #307269:

Yannis,
Have you been able to install your certificates? I just tried the method recommended by Webfaction successfully, after a bug fixed by the author of the script.

If you need it, can I provide you with a step-by-step tutorial.

i would like to install it. i am on Webfaction


…. texted postive

Offline

#31 2017-10-02 15:34:18

jpdupont
Member
Registered: 2004-10-01
Posts: 752

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

Here is my tutorial : Installation of Let’s Encrypt certificates on Webfaction
Method recommended by Webfaction …

Last edited by jpdupont (2017-10-04 21:52:41)

Offline

#32 2017-10-04 21:49:59

jpdupont
Member
Registered: 2004-10-01
Posts: 752

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

I just installed a certificate on a new site, and a new Webfaction server by following my step-by-step tutorial successfully.

Small modification in the tutorial regarding the creation of the site safe and the site not secure. Updated file.

Offline

#33 2018-02-20 12:38:07

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

JP,

Your instruction has the following note:

Note : Check that the .well-known hidden folder is present in your application folder !

My app folder on WebFaction does NOT have .well-known in it. At least not according to using ls -a via command-line. Does that get added in course of following these instructions, or is that something every app folder is supposed to have?

Offline

#34 2018-02-20 12:59:07

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

For the record, I’ve been using Neil Pang’s wonderful acme.sh script on WebFaction, and it has always worked fine, until today. I’m adding a new subdomain and wanted to include that on an existing cert for that root domain. In other words, one cert for all of these:

  • domain.tld
  • www.domain.tld
  • sub.domain.tld
  • www.sub.domain.tld

I’ve ditched the old cert that was originally mounted for the first two, and I’m redoing it to work on all four.

But I’m getting these errors on tests:

domain.tld:Verify error:Invalid response from http://domain.tld/.well-known/acme-challenge/[long string here]

It seems that folder, .well-known, is missing each time and causing verification issues.

I wonder if this is why WebFaction is suggesting people use the “will-in-wi” approach instead? They’ve made changes somewhere that favors it?

One obvious advantage is the cron job automation for updates, which I didnt’ have with the acme.sh approach.

Offline

#35 2018-02-20 15:55:50

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

JP,

More Qs…

Step 2

For this command:

letsencrypt_webfaction --config ~/le_config/config.monsite.yml

I’m guessing that is for a real cert. What if I just want to test? Is it as easy as this…

letsencrypt_webfaction --test --config ~/le_config/config.monsite.yml

And there’s a line that says (referring to the CL output)…

Add the --quiet parameter in your cron task to remove this message.

Do you mean that could be used in the command above, or is that supposed to go in the crontab line in step 3?

Step 3

The crontab line, it begins with:

0 0 1 1-11/2 * ...

But then your example lines show:

0 1 2 */2 * ...

What’s the difference? How does one decipher the values there?

Also, at the end of the line, there is nothing like this:

... >> $HOME/logs/user/cron.log 2>&1

But then you include them in the example lines. What is going on there, exactly? Do we add them for each line exactly as shown?

Finally, is it safe to add a blank line between crontab lines? I’ve not worked in a file like that before, but it would be good for me to discern lines easier with a blank if possible.

Offline

#36 2018-02-20 16:56:22

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: Non-HTTPS Sites Labeled "Not Secure" by Chrome

For convenience, I’ve made a web doc for JP’s instructions and tried to clear some things up for myself, though it’s very beta at the moment and still needs the questions above answered for my own benefit and a second round of revisions.

If anyone wants to test and chime in with suggestions, please do.

I have also not actually used the doc yet, which I’ll get to tomorrow-ish. So, still needs fool-proofed.

=================

Update: The above link no longer exists (sorry). The tute now describes a new process using acme.sh and a cron job, not Ruby gems as JP’s tutorial describes. See the new instruction file.

Offline

Board footer

Powered by FluxBB