Let's Encrypt Livecode

Today I managed to install a Let's Encrypt certificate on DigitalOcean so that it works with revIgniter and Livecode.

Here you can find instructions for how to use Let's Encrypt's Certbot with the Ubuntu 14.04 and Apache setup we use with Livecode Server - certbot.eff.org

# Certbot commands

Here are some useful commands to find out what is going on with the certificates installed on the server.

./certbot-auto certificates

The above command lists any certificates already installed. The output looks something like this:

--------------------------------------------------- Found the following certs: Certificate Name: livecode.world Domains: livecode.world Expiry Date: 2017-09-03 08:49:00+00:00 (VALID: 74 days) Certificate Path: /etc/letsencrypt/live/livecode.world/fullchain.pem Private Key Path: /etc/letsencrypt/live/livecode.world/privkey.pem ---------------------------------------------------

# Upgrading the certificate

To upgrade the certificate manually you need to ssh to the server and issue the following commands to the certbot-auto script:

root@LiveWorld:~# cd tmp/ root@LiveWorld:~/tmp# ./certbot-auto --apache Upgrading certbot-auto 0.12.0 to 0.14.2... Replacing certbot-auto... Creating virtual environment... Installing Python packages... Installation succeeded. Saving debug log to /var/log/letsencrypt/letsencrypt.log Which names would you like to activate HTTPS for? ------------------------------------------------------------------------------- 1: livecode.world

and follow the instructions.

# Adding a subdomain

You can use __certonly__ or __run__ subcommands to request the creation of a single new certificate even if you already have an existing certificate with some of the same domain names.

If a certificate is requested with run or certonly specifying a certificate name that already exists, Certbot updates the existing certificate. Otherwise a new certificate is created and assigned the specified name.

__--expand__ tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.

cd tmp ./certbot-auto certonly --apache --expand -d livecode.world,www.livecode.world,rest.livecode.world

From the documentation: --expand "If an existing cert covers some subset of the requested names, always expand and replace it with the additional names."

Don't forget to restart the server to load the new certificates if you are running nginx.

See updating existing certificates - certbot.eff.org

# Installation

I had an old certificate installed which i needed to manually remove from:

nano /etc/apache2/sites-enabled/000-default.conf

I then issued the commands found by following the instructions found certbot.eff.org

Which created the following conf files:

000-default.conf 000-default-le-ssl.conf

In the directory:

/etc/apache2/sites-enabled

which in term is usually sym-linked to files inside:

/etc/apache2/sites-available

Note: the reason for having to manually edit the 000-default.conf file was because it over-rides thenewly created 000-default-le-ssl.conf file that

https://certbot.eff.org/docs/using.html#apache