Jacques,
Sorry, that was the README.md on the GetSSL project,
https://github.com/srvrco/getssl/blob/master/README.md, which is what
GitHub displays when you go to https://github.com/srvrco/getssl.
There are tons of Let's Encrypt clients out there. The infra team may
not have looked at many. The original client works well enough for many
people. It works well with Apache httpd, but I think it's harder to use
with Tomcat.
I have not looked for a Java client that can be integrated into OFBiz.
Richard.
Jacques Le Roux wrote:
Thanks Richard,
That's interesting. Which README are you speaking about ? I guess the
infra team is aware, but maybe we could push in this direction...
Jacques
Le 13/08/2017 à 17:03, Richard Siddall a écrit :
I have been using GetSSL (https://github.com/srvrco/getssl) instead of
the old Let's Encrypt ACME client. It's fairly easy to extend with
shell scripts to get challenge files in the correct place. I have not
used DNS challenges.
I just noticed that the README says "If you use puppet, there is a
GetSSL Puppet module by dthielking."
Richard
Jacques Le Roux wrote:
Hi,
Today I noticed our Let's encrypt certificate renewal failed. So I asked
help on Infra Hipchat. It's a known issue and actually easy to fix.
For history and possibly future need, here the discussion I had with
Chris Thistlethwaite:
[4:14 PM] Jacques Le Roux: Hi, we have an issue with let'sEncrypt
certificate (3 months, right?) renewal for OFBiz demos:
https://demo-trunk.ofbiz.apache.org
I remember we had that already, but did not find a request into my
closed infra request.
So I guess I asked for a solution here and did not note it
[4:15 PM] Chris Thistlethwaite: most likely in here :)
[4:16 PM] Jacques Le Roux: yep, but too late for history I guess
[4:16 PM] Jacques Le Roux: BTW we are Pupettized if that helps :)
[4:19 PM] Chris Thistlethwaite: @jleroux fixed!
[4:19 PM] Jacques Le Roux: Great stuff @christ :) What was it?
[4:20 PM] Chris Thistlethwaite: we have a bit of an issue with
letsencrypt renewals as the renewal process tries to use port 443, which
httpd is bound to, thus it fails. Work around is to stop httpd, run the
renewal, start httpd back up
[4:21 PM] Jacques Le Roux: I should be able to do that myself on our VM,
right?
[4:21 PM] Jacques Le Roux: Mmm not sure about "run the renewal"...
[4:21 PM] Chris Thistlethwaite: you have sudo on that right? if so then
yeah
[4:22 PM] Chris Thistlethwaite: check the cron job for root
[4:22 PM] Jacques Le Roux: Yes sudo I have
[4:22 PM] Jacques Le Roux: OK I note that, thanks !
[4:22 PM] Chris Thistlethwaite: np, hope we have that fixed before it
needs renewed again
[4:22 PM] Jacques Le Roux: yep, let's see ;)
FWIW (I did not try myself)
Jacques