RedpointArchive / phabricator

A Docker image that runs Phabricator, an open source software engineering tool
https://hub.docker.com/r/redpointgames/phabricator/

Letsencrypt for both PHABRICATOR_HOST and PHABRICATOR_CDN #30

Closed sheershoff closed 7 years ago

sheershoff commented 8 years ago

As far as I understand, I can point PHABRICATOR_CDN to another domain that points to the same machine, to serve files from another domain but from this machine, and this should do the security trick since we're not authorized on the alternate domain.

I'm using the letsencrypt way, and the certificates do not work. I've checked the 15-https file and tried to improve it, but got stuck on the --csr option and the DER format.

Is it possible to automate the CDN portion with letsencrypt?

hach-que commented 8 years ago

Can you give me a startup log? What does Let's Encrypt output?

Does the Let's Encrypt startup work for PHABRICATOR_HOST?

sheershoff commented 8 years ago

Yes, it works for PHABRICATOR_HOST, but 15-https does not mention PHABRICATOR_CDN at all. So the installation now runs OK with https but without the PHABRICATOR_CDN option.

If I enable the PHABRICATOR_CDN option when I point another domain to the same machine and open the PHABRICATOR_HOST url, css and images are missing, so the web part of phabricator becomes unusable. If I open some css file from the PHABRICATOR_CDN, the browser comes up with the "Security issue, that's a trap, run for your life!" message. Changing https to http gives me the correct css file.

So, I checked nginx.conf and read the nginx docs. It seems that the easiest way would be the alternateDomainName option that incorporates several domains into one file.

If I enable the PHABRICATOR_CDN option, the 15-https log portion is the following:

[ STARTING ] /etc/init.simple/15-https
Upgrading certbot-auto 0.7.0 to 0.8.0...
Replacing certbot-auto...
Traceback (most recent call last):
  File "/root/.local/share/letsencrypt/bin/letsencrypt", line 11, in <module>
    sys.exit(main())
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 735, in main
    return config.func(config, plugins)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/main.py", line 576, in obtain_cert
    notify("Certificate not yet due for renewal; no action taken.", pause=False)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/certbot/display/util.py", line 78, in notification
    self.dialog.msgbox(message, height, width=self.width)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/dialog.py", line 3016, in msgbox
    kwargs)
  File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/dialog.py", line 1765, in _widget_with_no_output
    widget_name, output))
PythonDialogBug

Applying post-letsencrypt script...
[ STARTING ] /etc/init.simple/20-postfix

UPD: it's actually the same in logs if I disable it. Sometimes the log contains no errors.

hach-que commented 7 years ago

Support for this is being worked on.

hach-que commented 7 years ago

This is now implemented in the latest version.
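
The symptom reported in this thread (HTTPS works on PHABRICATOR_HOST while the browser rejects the certificate on PHABRICATOR_CDN) is consistent with a certificate whose subjectAltName list names only the main host. The following is an added example, not code from the thread or from the image's 15-https script: it checks which hostnames a certificate leaves uncovered, taking a dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`. The hostnames and certificates are constructed placeholders.

```python
# Added example: report which hostnames a certificate's SAN list does not cover.
# All hostnames and certificate dicts below are constructed sample data.

def _match(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the entire left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard (rejects "*.com").
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def dns_sans(cert: dict) -> list:
    """Extract DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def uncovered_hosts(cert: dict, hosts: list) -> list:
    """Return the hosts for which a browser would raise a name-mismatch warning."""
    sans = dns_sans(cert)
    return [h for h in hosts if not any(_match(s, h) for s in sans)]


# Constructed stand-ins for PHABRICATOR_HOST and PHABRICATOR_CDN.
HOST = "phab.example.com"
CDN = "phab-files.example.net"

# Certificate issued for the main host only (the situation described above).
cert_host_only = {"subjectAltName": (("DNS", HOST),)}
# Certificate issued with both names in the SAN list.
cert_both = {"subjectAltName": (("DNS", HOST), ("DNS", CDN))}
# A wildcard on the main domain does not help when the CDN uses another domain.
cert_wildcard = {"subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    for label, cert in [("host only", cert_host_only),
                        ("both names", cert_both),
                        ("wildcard", cert_wildcard)]:
        print(f"{label}: uncovered = {uncovered_hosts(cert, [HOST, CDN])}")
```
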