LetsEncrypt Installation question

installation
letsencrypt

#1

Not sure where to post this. This is a general question in regards to LetsEncrypt.

I have LE installed and running just fine. I didn’t follow the directions initially as per the Wiki ( https://plaza.quickbox.io/t/install-lets-encrypt-on-your-seedbox/99/3 )

I initially tried to install it using LE’s documentation ( https://certbot.eff.org/#ubuntuxenial-apache )

But I ran into issues using those instructions. It said to install it using the command

apt-get install python-letsencrypt-apache

I thought, well, Python is installed, and so is apache, so I just ran it without python and apache (apt-get install letsencrypt)

But I ran into some errors saying:

The requested apache plugin does not appear to be installed

I ended up installing LE via your wiki above (with the change of certonly

sudo /opt/letsencrypt/letsencrypt-auto --apache -d sub.mydomain.tld certonly

I then added the certificate to the /apache2/sites-enabled/default-ssl.conf

working fine.

I didn’t have to run the sed command as I manually added the cert myself and the letsencrypt script didn’t leave its vhost.conf after it ran its verification.

But I did run a dry-test run of the renewal process. Again, I tried to use the installation method from LE’s documentation, running letsencrypt. Again, error with it saying that the apache plugin was not installed.

I had to run it using the git install, ./letsencrypt-auto to do the renewal.

And this is where my questions are.

1 Why couldn’t I run letsencrypt from the install I tried to do? It kept saying the apache plugin did not appear to be installed, even though obviously, it is.

My only guess is that maybe it is expecting apache1 to be installed, and we are using apache2 instead? But even so, when running it from the git clone, it didn’t have any issues there? I am not sure what the difference is between running letsencrypt vs the git clone ./letsencrypt-auto (I would assume to be the same?)
2. I noticed, that both during the initial certification, and the renewal process, it installed Python, “again” and everytime it is run.

This is the log from the renewal:

Bootstrapping dependencies for Debian-based OSes...

(seemed to update packages from the Ubuntu repos)

Building dependency tree
Reading state information... Done
augeas-lenses is already the newest version (1.4.0-0ubuntu1).
ca-certificates is already the newest version (20160104ubuntu1).
gcc is already the newest version (4:5.3.1-1ubuntu1).
libaugeas0 is already the newest version (1.4.0-0ubuntu1).
libffi-dev is already the newest version (3.2.1-4).
python is already the newest version (2.7.11-1).
python-dev is already the newest version (2.7.11-1).
dialog is already the newest version (1.3-20160209-1).
python-virtualenv is already the newest version (15.0.1+ds-3).
virtualenv is already the newest version (15.0.1+ds-3).
libssl-dev is already the newest version (1.0.2j-1+deb.sury.org~xenial+1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Even in the output, it states that the latest python is already installed, only to go ahead and install it again.

This happened in both initial install, and renewal. I imagine, that every time it renews, it is going to do it again (and fill up the log file).

Is this normal?

Again, I don’t really have any issues with LE at all. It is up and running, I have the cron job set up. Just, wanted to find out why the installation had to go the way it did. And I know the cron log file is going to fill up needlessly with that output.


#2

I am not terribly sure in regards to the third-party method you attempted. It could be something to do with the way they make use of the bot, whereas we just make use of the LE git repo with a direct clone of the application.

Some sources use ‘Certbot’ which actually deploys the LE certificates. However, our method bypasses the need for any third-party installation app as we’re placing the certs (in-house) and registering them to the certificate authority directly.

This is why we recommend a certain method to be used with QuickBox :slight_smile:


#3

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.