Well if you are using letsencrypt with a password protected website is hard to renew the ssl because you need to bypass that .
If you have access to httpd conf the easy solution is to add this
<Directory /var/www/path/.well-known/> Order allow,deny Allow from all Satisfy any </Directory> Then restart the apache/httpd.
Today try to move the path of mysql to new one , because on ec2 I was left without space.
Well I have stopped the mysqld copy files modity the my.cnf with new datadir but when try to start .. well didn’t started .. After a little dmesg search see that on ubuntu is apparmor .
Try to make alias into file /etc/mysql/mysql.conf.d/mysqld.cnf but didn’t resolve the problem
Find out that you have to edit also /etc/apparmor.d/usr.sbin.mysqld
and add
/db/data/mysql r
/db/data/mysql** rwk
After this mysqld started with new path.
Today tried to renew some ssl and surprise
certbot-auto renew
Error: couldn’t get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
File “/opt/eff.org/certbot/venv/bin/letsencrypt”, line 7, in <module>
from certbot.main import main
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py”, line 10, in <module>
import josepy as jose
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py”, line 41, in <module>
from josepy.interfaces import JSONDeSerializable
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py”, line 8, in <module>
from josepy import errors, util
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py”, line 4, in <module>
import OpenSSL
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py”, line 8, in <module>
from OpenSSL import rand, crypto, SSL
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py”, line 12, in <module>
from OpenSSL._util import (
File “/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py”, line 6, in <module>
from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding
Well tryied everything
rm -rf /opt/eff.org ( didn’t worked for me )
Reinstalled same problem.
The only solution was this found on a comment on github
$ unset PYTHON_INSTALL_LAYOUT
$ /opt/eff.org/certbot/venv/local/bin/pip install –upgrade certbot
$ /opt/eff.org/certbot/venv/local/bin/certbot –help
I do have a haproxy that is serving the ssl frontend and the apache is on 80 port. But the wordpress see the 80 port and is not forcing to use the ssl as links for css/js
So to force wordpress to generate ssl internal links you need to add this into wp-config.php
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
Offcourse on the haproxy you need to have
reqadd X-Forwarded-Proto:\ https
Well I see something in log
[3765] 30 Jan 11:31:10 * 1 changes in 900 seconds. Saving…
[3765] 30 Jan 11:31:10 # Can’t save in background: fork: Cannot allocate memory
To fix this redis error you need to
echo 1 > /proc/sys/vm/overcommit_memory sysctl vm.overcommit_memory=1
Powered by WordPress