Let’s Encrypt service with Pound server Rumi, February 5, 2018 In order to install Certbot on your server, follow the next steps: (make sure you have “git” installed on your system) $sudo apt-get install git (if not previously installed) $cd /opt $sudo git clone https://github.com/certbot/certbot Running the above commands will download the Certbot latest release from their git repo in the /opt folder. Then we need to stop any service that might be using port 80 on our server, since the installation type we will be performing on this tutorial is the “standalone” type described on the Cerbot documentation, there are other ways to install the certificates, it is up to your preference. Since this tutorial is about Pound, we are assuming the daemon is already installed so we need to stop it: $sudo service pound stop once the service is stopped, run: $cd /opt/certbot $sudo ./letsencrypt-auto --text --email YOUR@EMAIL -d YOUR_DOMAIN --agree-tos --standalone certonly by default, running the command above will generate the necessary key files (*.pem) in the following folder: /etc/letsencrypt/live/YOUR_DOMAIN/ now, we need to create a private key file that Pound can understand, to do so run the following: $sudo cat /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem > /etc/ssl/YOUR_DOMAIN.pem doing so, will concatenate the privkey.pem file and the fullchain.pem file generated by Cerbot into a single file that will be stored into your ssl certificates folder, this is very important! In order to enable your certificate we need to edit the Pound configuration file and add the entry for it: $sudo nano /etc/pound/pound.cfg on the HTTPS section add: Cert "/etc/ssl/YOUR_DOMAIN.pem" And thats pretty much it, you can start Pound back again: $sudo service pound start and your domain will be secured by Let’s Encrypt! Keep in mind that these certificates have an expiration period of 90 days, so you might have to manually renew using Cerbot each certificate, in order to avoid this process, you can automate it by adding a cron task that will auto renew your certificates for you. To do so, run the following commands: $sudo nano /etc/cron.monthly/letsencrypt and add the following: #!/usr/bin/env bash cd /opt/certbot ./certbot-auto renew \ --noninteractive \ --pre-hook "service pound stop" \ --post-hook "service pound start" Here is a nice sh script you can use to register multiple domains with pound: https://github.com/ffonaissak/letsencrypt-pound/blob/master/letsencrypt-pound.sh Here’s a complete tutorial including certificate auto renew: https://serversforhackers.com/video/letsencrypt-for-free-easy-ssl-certificates Src: https://antrecu.com/blog/configure-lets-encrypt-service-pound-server Related Collected Articles Configurations (Linux) PKI Let's EncryptPoundSSL
Installing new fonts in Collabora February 24, 2023 For the core MS fonts: sudo apt-get install ttf-mscorefonts-installer You may be asked to accept the license agreement, i was not asked. They end up in /usr/share/fonts/truetype/msttcorefonts Next is to install the clear types such as calibri This is a bit different but can be done with the vista fonts… Read More
MRTG Indexmaker September 5, 2011September 5, 2011 Regular shorcut way: #indexmaker /etc/mrtg.cfg > /var/www/mrtg/index.html Now you need to reboot your system wait for five minutes or so and then take a look at your summary home page. If your Debian,ubuntu,kubuntu system’s IP address is 192.168.0.1 then you’d type in the following in the address bar of a… Read More
Installing NRPE For Icinga on Ubuntu 10.10 & CentOS 5.5 June 11, 2012June 11, 2012 I currently have Icigna 1.2 (classic, web, and mobile) running on Ubuntu 10.10. I have a few other Linux servers that I would like to monitor as well. There is a good amount of information on installing Nagios and things to accompany it but Icigna documentation and blogs are fewer…. Read More