|
I can probably automate it now that it's fixed but I am concerned about the issues that I had to troubleshoot or similar cropping up again and maybe blowing up my site when I'm not around, so my other plan was to maybe have it send me mail just before I need to renew but I don't have qmail installed or anything like that.
I have other issues currently that are making demands on my time so I haven't fiddled with it. I figure I have about 80 days to come up with something.
To err is human. Fortune favors the monsters.
|
|
|
|
|
I find your experience very weird. Especially since you think everything needs to be unbound from http port before you can use certbot. The whole *point* of certbot is that it checks to see if the machine it is running on is the machine that it can reach a http site at... Therefore, they know who it is that requested the certificate.
FWIW, I have a bit of trouble with certbot because my default firewall configuration blocks http to internet, so I have to whitelist the port, run certbot, and unwhitelist every three months. Takes literally 5 seconds. I don't know what you're doing, but "it works on my machine"!
BTW, please don't blame Linux for what is clearly a certbot problem. Remember, Linux is fragmented, so there are many many good softwares and designs that you use on Linux constantly without realizing, and only a few that are bad. It's not all one giant corporation putting out completely bad stuff.... or updating constantly to provide new icon sets.
|
|
|
|
|
i will blame linux for having to %$#*)@ around with systemd far more than i ever should have to fix the problem.
To err is human. Fortune favors the monsters.
|
|
|
|
|
I had similar setup with certbot nginx and several services spanning 3 machines.
There are some hickups from time to time but mostly it works. Surprisingly because it is not like I am linux admin.
No more Mister Nice Guy... >: |
|
|
|
|
|
It is a principle in cryptography that only encrypting 'what is important' just tells adversaries what to focus on. It gives them valuable information that they would not otherwise have, and the last thing you want to give adversaries is any information.
Cheers,
Russ
|
|
|
|
|
Agreed. Linux is a POS based on something which was cool in 1968. However, I don't have a beard down to my balls, and I don't wear sandals, so...
|
|
|
|
|
Just wondering how/if this is a linux specific problem, and not just a certbot problem (or something else)? Would the same [equivalent] steps have worked any better on Windows?
Pictures of error messages, please "or it didn't happen ™".
Its been awhile, but I think I has a horrible experience with the certbot script and just set it up manually (using instructions similar to, if not the same as: https://ivopetkov.com/b/let-s-encrypt-on-ec2/, and never looked back. However, the referenced github repo doesn't seem to exist as-such anymore (and redirects to the certbot repo). But that does still includes the letsencrypt-auto script (for now).
|
|
|
|
|
It was the other day, and I've long since closed that session. I'm really not up to digging through my logs right now, especially since the problem has been resolved, at least for now.
To err is human. Fortune favors the monsters.
|
|
|
|
|
Not entirely sure this is the same kind of cert you're talking about, but have you looked into free SSL through Cloudflare? Automatic and zero work. Although, IINM, the free version is only SSL at the edge servers where everything is (eventually) cached, not SSL all the way to the host, unless you set it up that way. Edge node is fine for a lot of things.
|
|
|
|
|
Thanks, I'll look into that.
To err is human. Fortune favors the monsters.
|
|
|
|
|
|
I have a small Win32 app demo to show some algorithms on drawing 2D geometry.
I plan to convert or rewrite it in C# because I like to use this algorithm in my WinForm app.
any tips to share? it seems a little daunting to me...
diligent hands rule....
|
|
|
|
|
I guess (I'm not an expert) going from Win32 to Windows Forms is far easier than the opposite.
GDI+ is rather user-friendly, in my opinion.
"In testa che avete, Signor di Ceprano?"
-- Rigoletto
|
|
|
|
|
I second you.
C++ GDI+ and C# GDI+ are very similar, one-to-one function replacement. I ported my Outline Text from C++ to C# in one day.
|
|
|
|
|
My tip: do not.
"If we don't change direction, we'll end up where we're going"
|
|
|
|
|
I concur. If you must redo this demo as a C# application, write it from the ground up in C#. You'll end up with a more efficient application than if you do a straight conversion.
|
|
|
|
|
yes, I plan to go through the code and understand the logic, then rewrite it...
diligent hands rule....
|
|
|
|
|
What's it written in now?
Or, do you wish this to be a web app and hence C#?
|
|
|
|
|
Win32, written in C++. would like to convert it into C# WinApp to play around with the algorithms in it,,,
diligent hands rule....
|
|
|
|
|
Depends on the language the original was written in as well as how well-structured it is.
I would go about this by first and foremost separating business logic from plumbing. Then, by mapping the APIs used in the business logic part to .NET parts. While P/Invoking them is certainly feasible, that's only advised if the goal is defined as sticking as close as possible to the original and/or there's no corresponding .NET APIs.
|
|
|
|
|
thanks for you great experience!
diligent hands rule....
|
|
|
|
|
Not sure how we can answer that without knowing what language is it written in now?
|
|
|
|
|
Win32, written in C++.
diligent hands rule....
|
|
|
|
|
Ctrl+C Ctrl+V then start fixing the compiler errors.
Converted an ancient app to C#. The biggest problem was changing all the 1 based indexes to 0 based.
Wrote unit tests in both languages to ensure consistent behavior.
|
|
|
|
|
Repaired, uninstalled, re-installed, removed my main account, added it again, nothing worked.
And then I did some mystery move which fixed my Outlook problems.
Been at it for two hours now after these issues started yesterday... (didn't even know I had them until the end of the morning, maybe I've had them on Monday already!)
Let's just hope this'll be the last of it
|
|
|
|