Sébastien Pittet

Aller au contenu | Aller au menu | Aller à la recherche

Technology enthusiast, Casual developer, ICT Professional working at Swisscom

Spéléologue, membre du Spéléo-Secours Suisse.

Adventures on Debian

Fil des billets - Fil des commentaires

jeudi, 13 septembre 2018

python-rrdtool setup

rrdtool.jpg

mardi, 11 septembre 2018

cron.hourly does not run

samedi, 15 avril 2017

I moved to LetsEncrypt

certbot.JPGIn December 2016, I wrote a post on this blog about StartCom SSL free certificates. StartCom (and WoSign) aren't trusted anymore.

If Internet Explorer and Edge are trusting StartSSL root certificates, this is not the case with Google Chrome. I had to move to another product. Letsencrypt is the Certificate Authority of choice : they are :

  • free
  • trusted by most internet browsers
  • providing even SAN certificates
  • supported by majors companies
  • but very short time limited! (by design)

This web server is running nginx on debian (Jessie) and is hosted at exoscale, a swiss cloud provider. I installed Certbot (an ACME client to request the certificate and to automotically renew it). It worked like a charm!

Here are some basic steps I needed to do, in order to have it running:

Add the following line in the file /etc/apt/sources.list

deb http://ftp.debian.org/debian jessie-backports main

Follow the instructions here (for nginx on debian Jessie). For other configurations, you will find the instructions here.

Then, don't forget to backup :

  1. your new nginx configuration file(s)
  2. Letsencrypt directory, under /etc/letsencrypt

Lastly, check the cron will run, as specified under:

/etc/cron.d/certbot

The log files are available in:

/var/log/letsencrypt/

My config is available in a github repository and the last qualys check gave the result A+.

qualys_rating.jpg

Some links:

mardi, 10 janvier 2017

Make sure your Python code is great

logo_1_.png