system/letsencrypt: Updated for version 0.14.1.

Apache Plugin is now enabled, Thanks to Eric Pratt. Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
2024-11-18 22:06:04 +01:00 · 2017-05-14 09:55:23 +07:00 · 2017-05-14 09:55:23 +07:00 · 724cc20ed2
commit 724cc20ed2
parent 1af8006c57
3 changed files with 39 additions and 23 deletions
--- a/system/letsencrypt/README.Slackware
+++ b/system/letsencrypt/README.Slackware
@ -1,12 +1,12 @@
-PLUGIN SUPPORT
+PLUGINS SUPPORT
 letsencrypt support five plugins to obtain/install certificates and many more to come in the future.
-However, we will only cover standalone plugin because apache plugin only works on Debian-based OS for now
-and nginx is still considered very experimental.
+However, we will only cover standalone and apache plugin. Using apache plugin is the recommended way
+as it doesn't require the webserver to be taken offline causing downtime during validation.
+
+All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>
+Once certificate is created, you need to enable SSL module in httpd.conf and configure httpd-ssl.conf

 OBTAINING CERTIFICATE USING STANDALONE PLUGIN
-Since Slackware is not yet supported, instead of running "letsencrypt-auto certonly"
-as instructed, you can run "letsencrypt certonly" to install certificates manually using standalone plugin.
-
 Here's what i use to create a certificate using port 443 for domain validation
 certbot certonly --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \
 --email <ADMIN-EMAIL> --renew-by-default --agree-tos --text --standalone
@ -16,23 +16,33 @@ If you want to use port 80 for domain validation, replace
 with
 --preferred-challenges http-01

+Since 0.14.1, letsencrypt is able to generate/renew all certificates for all of your configured vhost domains.
+Just run letsencrypt or certbot and you will see all domains are available.
+
 NOTE:
 You need to make sure that the port (80 or 443) is NOT USED before running above command (ie. you may need to
 temporarily stop your exising webserver)
-All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>

-Once certificate is created, you need to enable and configure httpd-ssl.conf
+OBTAINING CERTIFICATE USING APACHE PLUGIN
+Thanks to Eric Pratt, certbot/letsencrypt's Apache Plugin is now working well with Slackware.
+
+Here's what i use to create a certificate using port 443 for domain validation
+certbot certonly --apache --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \
+--email <ADMIN-EMAIL> --renew-by-default --agree-tos --text

 RENEWAL PROCESS
-Best way is to use a simple bash script that perform following actions:
- turn off httpd service
- give some delay (2s is enough)
- run the above command to renew automatically
- start httpd service
+Best way to automate the certificate renewal is by using cron service.
+Create a bash script in /etc/cron.d/monthly that does the following actions (depending on which plugin you used):
+Standalone: - turn off httpd service
+            - give some delay (2s is enough)
+            - run the same command generate the certificate to renew automatically
+            - start httpd service
+Apache Plugin: run the same command to generate the certificate to renew automatically

 RATE LIMIT
 Rate limit on registrations per IP is now 500 per 3 hours.
 Rate limit on certificates per Domain is now 20 per 7 days.
+See complete documentation here: https://letsencrypt.org/docs/rate-limits/

 CONFIGURATION FILES

@ -56,8 +66,8 @@ rsa-key-size = 4096
 # Uncomment to use a text interface instead of ncurses
 # text = True

-# Uncomment to use the standalone authenticator on port 443
-# authenticator = standalone
+# Uncomment to use the standalone or apache authenticator on port 443
+# authenticator = standalone / apache
 # preferred-challenges = tls-sni-01

 # Uncomment to use the webroot authenticator. Replace webroot-path with the
--- a/system/letsencrypt/letsencrypt.SlackBuild
+++ b/system/letsencrypt/letsencrypt.SlackBuild
@ -24,7 +24,7 @@

 PRGNAM=letsencrypt
 SRCNAM=certbot
-VERSION=${VERSION:-0.14.0}
+VERSION=${VERSION:-0.14.1}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}

@ -72,6 +72,12 @@ find -L . \

 sed -i "/'argparse',/d" setup.py
 sed -i "/'argparse',/d" acme/setup.py
+sed -i 's/apache2ctl/apachectl/' certbot-apache/certbot_apache/constants.py
+
+for i in $(grep -ri /apache2 * | cut -d: -f1 | sort -u)
+do
+  sed -i 's/\/apache2/\/httpd/' $i
+done

 # install acme-protocol first
 cd acme
@ -79,17 +85,17 @@ python setup.py install --root=$PKG

 # install letsencrypt client
 cd ..
-
 python setup.py install --root=$PKG

 # this plugins are not working for Slackware yet, but we will keep it here

 # install apache plugin
-#cd letsencrypt-apache
-#python setup.py install --root=$PKG
+cd certbot-apache
+python setup.py install --root=$PKG
+cd ..

 # install nginx plugin
-#cd ../letsencrypt-nginx
+#cd ../certbot-nginx
 #python setup.py install --root=$PKG

 find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
--- a/system/letsencrypt/letsencrypt.info
+++ b/system/letsencrypt/letsencrypt.info
@ -1,8 +1,8 @@
 PRGNAM="letsencrypt"
-VERSION="0.14.0"
+VERSION="0.14.1"
 HOMEPAGE="https://letsencrypt.org/"
-DOWNLOAD="https://github.com/certbot/certbot/archive/v0.14.0/certbot-0.14.0.tar.gz"
-MD5SUM="d96ee153d27604ce1a52b19f674a56f1"
+DOWNLOAD="https://github.com/certbot/certbot/archive/v0.14.1/certbot-0.14.1.tar.gz"
+MD5SUM="9a0833266ea026e882009c6fe27ff49b"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
 REQUIRES="configobj mock python-requests pytz python2-pythondialog zope.component pyrfc3339 psutil python-parsedatetime python-configargparse werkzeug ndg_httpsclient python-augeas pyparsing"