Labels

3G (1) 8600GT (1) AI (4) amazon (1) API (1) apple (3) apple mail (1) atlassian (1) audio (1) bambo (1) Bamboo (1) bloat (1) boost (1) bugbear (1) C++ (5) calling conventions (1) cdecl (1) chromecast (1) CI (1) compiler (1) continuous integration (1) coursera (1) custom domain (1) debugging (1) deltanine (1) diagnosis (1) diy (5) DLL (1) dns (1) don't be evil (1) ec2 (1) education (1) electronics (1) express checkout (1) fail (6) fink (1) firewire (1) free hosting (1) GAE (1) google (1) Google App Engine (4) H170 (1) hackerx (1) hackintosh (1) Haskell (3) homebrew (2) i1394 (1) icloud (2) iOS 9 (1) ipad2 (2) jobhunting (2) lag (1) letsencrypt (2) libjpeg (1) linux (1) mac (2) mbcs (1) mechanic (1) memory (1) MFC (3) Microsoft (1) migration (1) ML (1) mobile (1) movi (1) MSBuild (1) music (1) naked domain (1) NLP (2) o2 sensor (1) obd (1) Optiplex960 (1) osx (1) outlook express (1) payments (1) paypal (1) photos (2) PIL (1) Project Euler (1) projectmix (1) python (2) raspberrypi (3) recruitment (1) renwal (1) skylake (1) soundcloud (1) ssl (2) stdcall (1) stripe (1) subaru (2) supermemo (1) supermemo anki java (1) sync (2) Telstra (1) tests (1) thunderbird (1) udacity (1) unicode (1) Uniform Cost Search (1) university (1) upgrade (2) vodafail (1) vodafone (1) VS2010 (1) vs2013 (1) VS6.0 (1) weather (1) win (1) Win32 (1) Z170 (1)

Tuesday 26 July 2016

Letsencrypt certificate renewal process is awful!

So, my free 90 days letsencrypt certificate is about to expire.

I tried the auto-renew feature, but it does not work in manual mode. They intend it to be run automated and unattended, but I can't do that because I want to use the certificate on google app engine.

So basically, you have to re-issue the certicate , which means updating the challenge response on your website.

Well, I did all that, and generated a new certificate.

Unfortunately it expires the same time as the certificate I want to replace... WTF?

Anyway, I cleaned out /etc/letsencrypt and tried again from scratch:



sudo ./letsencrypt-auto certonly -a manual --rsa-key-size 2048 --email webmaster@mydomain.org.au -d shop.rhubarbfood.org.au

and this time it generated me a certificate with the correct expiry date. For future reference,

fullchain.pem is the public cert that appengine wants.

The private key needs to be fixed for google app engine:

openssl rsa -inform pem \
  -in /etc/letsencrypt/live/mydomain.org.au/privkey.pem \
  -outform pem 

the output of this command can be pasted straight into the text box in the appengine certificate page.

This time I documented it so I can rmember in 90 days time when I need to renew it again!