Skip to content

Confconsole - Let's Encrypt fix (take 2)
Compare
Choose a tag to compare
@JedMeister JedMeister released this 04 Dec 03:13
v1.1.2
This tag was signed with the committer’s verified signature.
JedMeister Jeremy Davis
GPG key ID: 6D0CA24B0C5CC21B
Learn about vigilant mode.
5ca3351

This is a minor bugfix release based on v1.1.1.

It includes all the fixes implemented in v1.1.1, plus this release also resolves turnkeylinux/tracker#1387 - where the add-water server was autostarting at (re)boot.

New users, please skip down, straight to the "How to install/update" section for instructions (non-root users, please note the relevant section).

Note for users who have already installed the v1.1.1 fix:

If you have already installed v1.1.1 and followed the instructions, you don't need this update. Instead you can just manually disable add-water (as per step 3a in the updated v1.1.1 release notes) like this:

systemctl disable add-water

If you haven't already updated, then please follow these instructions below.

Note for non root users: If you are not logged in as the root user, then many (most? perhaps even all?) of these commands will require sudo. Rather than having to do that, the easier path is to first open a root shell like this:

sudo su -

Then you can follow the commands exactly as posted below. Once you are done, exit the root shell via exit.

How to install/update

Assuming that you have not used Confconsole's Let's Encrypt integration before, or you have used defaults (except for the domains you are registering) then the below should "just work". If you have a customised setup then hopefully you'll know what you're doing! 😄

  1. Remove deprecated files (confconsole.config & confconsole.hook.sh - also the default cron job):
rm -rf /etc/dehydrated/confconsole{.config,.hook.sh}
rm -rf /etc/cron.daily/confconsole-dehydrated
  1. Install newer Dehydrated version from stretch-backports (backports no longer required, new version now in 'stretch main'):
apt update
apt install dehydrated
  1. Download and install the updated Confconsole:
wget https://github.com/turnkeylinux/confconsole/releases/download/v1.1.2/confconsole_1.1.2_all.deb
apt install ./confconsole_1.1.2_all.deb
  1. [Optional] If you have previously used Confconsole (or Dehydrated) to get Let's Encrypt certificates before, you are recommended to move your old Dehydrated data out of the way (alternatively it can be deleted). New users can skip this step:
mv /var/lib/dehydrated /var/lib/dehydrated.bak
mkdir -p /var/lib/dehydrated/acme-challenges
  1. Accept the Let's Encrypt Terms of Service (all users):
/usr/bin/dehydrated --register --accept-terms
  1. Get certs! 😄

You should now be good to go. If you have not used Confconsole to get certificates from Let's Encrypt on this machine previously, it is recommended that you set it up via Confconsole:

confconsole

Then select Advanced >> Lets encrypt and follow the prompts. See the full Confconsole docs for further info.

Alternatively, if you have already been using the Confconsole Let's Encrypt/Dehydrated plugin to get your certificates, but just need to update them, you can launch the dehydrated-wrapper script directly like this:

/usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper

Furthermore, this will almost certainly be the final release of Confconsole for v15.x (based on Debian 9/Stretch). Future releases of Confconsole will be Python3 based (work already done) and available only in (the upcoming and as yet unreleased) v16.x.

Assets 3
Loading