arakasi72 / rtinst

seedbox installation script for Ubuntu and Debian systems
MIT License
1.22k stars 259 forks

Add an option to define domain name #543

Open virtorgan opened 3 years ago

virtorgan commented 3 years ago

I suppose a lot of rtinst users are using VPS or other machines where the DNS records are useless and belong to a provider subdomain. Then we use a DNS provider to get our own domain, or Dynamic DNS, or reverse proxies. In all these cases the reverse lookup used in the script is useless, since it will report the subdomain of the provider and not the DNS record we want. I did not find the possibility to manually set the domain name to get the correct Let's Encrypt certificate. I ended up modifying the script manually, which is not the intended result of such an automated script.

Please see if you could add the option to define the domain name manually. Thanks.

P.S. Also, adding the option to not touch the actual SSH setup would be great for people already having certificate-based SSH login, since again I had to modify the script to avoid breaking the SSH setup of my VPS provider. So --ssh-default should not touch SSH at all.

Thanks for the great work!

V33m commented 3 years ago

I like the idea! All PRs are very much welcome and appreciated towards increasing the quality of rtinst 👍

arakasi72 commented 3 years ago

Yes, both suggestions, being able to enter the domain name if the returned domain is incorrect in the same way we do for IP addresses, and using a cl flag to bypass changes to SSH, are good ones.

We will hopefully have time over Xmas to do some work on this.

Thanks for your suggestions.

haggletonpie commented 3 years ago

+1

In the meantime, it's easy to edit the rtletsencrypt script to declare the preferred domain name explicitly.

First, update the collection of rtinst scripts with...

sudo rtsetup

Then edit the rtletsencrypt script...

sudo vim /usr/local/bin/rtletsencrypt

... and find this line...

serverdn=$(perl -MSocket -le "print((gethostbyaddr(inet_aton('$serverip'), AF_INET))[0])")

... and then add this line immediately after it...

serverdn="yourownactualdomainname.here.net"

Worked perfectly for me. Thanks much for adding this script.

drew442 commented 11 months ago

Here's a simple script to automatically change the DN in the Let's Encrypt file, as @haggletonpie suggested. This can be run whenever you know that the Let's Encrypt file has been clobbered.

#!/bin/bash

FILE="/usr/local/bin/rtletsencrypt"
SEARCH_STRING="serverdn="
DESIRED_VALUE="your_desired_value_here"  # Replace with your desired value

# Check if the file exists
if [[ ! -f $FILE ]]; then
    echo "$FILE does not exist!"
    exit 1
fi

# Check if the line exists in the file
if grep -q "^[[:space:]]*$SEARCH_STRING" "$FILE"; then
    # If the desired value isn't present, replace the line
    if ! grep -q "^[[:space:]]*$SEARCH_STRING$DESIRED_VALUE" "$FILE"; then
        sed -i "s/^[[:space:]]*$SEARCH_STRING.*/$SEARCH_STRING$DESIRED_VALUE/" "$FILE"
        echo "Value updated in $FILE."
    else
        echo "Value is already correct in $FILE."
    fi
else
    echo "The line with $SEARCH_STRING does not exist in $FILE."
fi

Then make it executable so that you can run it:

chmod +x /path/to/update_serverdn.sh

If you're doing something that clobbers it regularly (not sure?) then you can add it to crontab to run at reboot or midnight, for example:

crontab -e
@reboot /path/to/update_serverdn.sh
0 0 * * * /path/to/update_serverdn.sh
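
A hardened take on the two workarounds in this thread (the manual edit and the sed script), added here as an example and not code from rtinst or from the commenters: it accepts only a plain DNS hostname before writing it into a script that runs as root, and it inserts the override after the lookup line instead of interpolating the value into a sed expression. The function names, the marker comment and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not rtinst code: pin serverdn in rtletsencrypt safely.
LC_ALL=C; export LC_ALL
MARK='# pinned-by-set_serverdn'   # hypothetical marker used to find our own line

# Accept only a plain DNS hostname, so nothing that is shell or awk syntax
# (quotes, spaces, $(), backslashes, newlines) can reach a script run as root.
is_valid_fqdn() {
    case $1 in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# set_serverdn FILE DOMAIN: add or refresh an override right after the
# reverse-lookup assignment quoted in the thread. Idempotent; the previous
# version of FILE is kept as FILE.bak.
set_serverdn() {
    file=$1 domain=$2
    [ -f "$file" ] || { echo "$file does not exist" >&2; return 1; }
    is_valid_fqdn "$domain" || { echo "invalid domain: refused" >&2; return 2; }
    grep -q '^[[:space:]]*serverdn=\$(' "$file" ||
        { echo "lookup line not found in $file" >&2; return 3; }
    tmp=$(mktemp) || return 1
    awk -v dn="$domain" -v mark="$MARK" '
        index($0, mark) { next }                 # drop our previous override
        { print }
        /^[ \t]*serverdn=\$\(/ { printf "serverdn=\"%s\" %s\n", dn, mark }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    rc=0
    if ! cmp -s "$file" "$tmp"; then
        # cat into the original keeps its owner and mode (the executable bit)
        cp -p "$file" "$file.bak" && cat "$tmp" > "$file" || rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Constructed sample standing in for /usr/local/bin/rtletsencrypt.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/bash
serverip=203.0.113.10
serverdn=$(perl -MSocket -le "print((gethostbyaddr(inet_aton('$serverip'), AF_INET))[0])")
echo "requesting certificate for $serverdn"
EOF
}
```

Source the file and call `set_serverdn /usr/local/bin/rtletsencrypt seedbox.example.net` as root (the domain here is a placeholder); rerunning it after the file has been replaced restores the override without duplicating it.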