WebFaction

I need to use Let's Encrypt. I'm not a skilled developer; more of a dabbler, but with an IT background. I've used ftp, but never used SSH up until now.

Webfaction Support for Let's Encrypt

I have read the other posts on the subject and I also opened a ticket for help (when I enrolled in the Let's Encrypt Beta), but was told "The email you sent me was the steps needed to create the certificate, that is something we can not do for you.

Once the certificate is generated we will be able to install it."

Webfaction: I love your hosting, but the response to this issue is not good enough. At least give us a guide (for example, Gandi offer this guide: http://wiki.gandi.net/en/tutorials/letsencrypt ). You will lose customers over this issue.

What I tried and where I got stuck

I connected via OS X's Terminal to my server, using the command:

ssh my_username@my_server_name.webfaction.com

(I'm using "my_username", "my_server_name", and "my_ip_address" in this post, but I did of course use the real ones when carrying this out.)

This gave me an error:

The authenticity of host 'my_server_name.webfaction.com my_ip_address' can't be established.
ECDSA key fingerprint is SHA256: ... (hash)...
Are you sure you want to continue connecting (yes/no)?

If you say "no", then reissuing the SSH command gives you the same error. If you say "yes", it saves the exception (I'm not sure if this is what this error means: "Warning: Permanently added 'my_server_name.webfaction.com' (ECDSA) to the list of known hosts."). It then asks for my password. I'm not sure if using SSH unauthenticated this way is an issue (sounds like it should be).

Once I said "yes" and entered the password, I could reissue the SSH command:

ssh my_username@my_server_name.webfaction.com

...then:

git clone "https://github.com/letsencrypt/letsencrypt"

...which installed the letsencrypt client; then:

cd letsencrypt

...to change to its directory; and then:

letsencrypt-auto --help

This last command, with the "help" parameter, is actually supposed to install the software(!) for the server's configuration.

Accordingly, I got the messages:

Bootstrapping dependencies for RedHat-based OSes...
yum is /usr/bin/yum
[sudo] password for my_username:

On entering the password, I got the message:

my_username is not in the sudoers file.  This incident will be reported.

(Cue feelings of being back at school...)

So...

I'm now at deadlock. Webfaction support tell me that I need to generate the certificate, but the server doesn't give me the authority to do so.

I know that there is a method to generate the certificate on my Mac ( https://community.letsencrypt.org/t/installing-and-configuring-letsencrypt-on-a-mac-os-x-client-server/8407 ), but the prerequisites (Homebrew, Xcode, Pip, virtualenv) are too complex for my understanding.

What am I supposed to do?

p.s. My server now has Let's Encrypt installed in its directory. How do I delete this? Is it sufficient to delete the directory?

p.p.s. If someone can give me the things I need to do on the server in bare-bone form, I'm happy to flesh it out into a full guide.

asked 15 Mar '16, 21:14 by JustAnotherWebFactionUser
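The question above asks whether answering "yes" to the host key prompt is a problem. As an added example (not part of the original post, and not code from WebFaction or Let's Encrypt), this Python sketch derives the "SHA256:..." fingerprint that ssh prints from a known_hosts-style line, so it can be compared with a fingerprint obtained from the hosting provider over a separate channel. The function names are assumptions, and the sample key is constructed filler, not a real server key.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """SSH wire format: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def sample_known_hosts_line() -> str:
    """Constructed entry: the point bytes are filler, not a real key."""
    point = b"\x04" + bytes(range(64))
    blob = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
            + ssh_string(point))
    return ("my_server_name.webfaction.com ecdsa-sha2-nistp256 "
            + base64.b64encode(blob).decode())


def fingerprint(known_hosts_line: str) -> str:
    """Return the 'SHA256:...' string that ssh shows in its prompt."""
    fields = known_hosts_line.split()
    if len(fields) < 3:
        raise ValueError("expected: host key-type base64-key")
    key_type, b64_key = fields[1], fields[2]
    blob = base64.b64decode(b64_key, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob repeats its own key type; a mismatch means a mangled line.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints unpadded base64 of the SHA-256 digest.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_published(known_hosts_line: str, published: str) -> bool:
    """Compare against a fingerprint obtained out of band."""
    return fingerprint(known_hosts_line) == published.strip()


if __name__ == "__main__":
    print(fingerprint(sample_known_hosts_line()))
```

On a real machine, `ssh-keygen -l -f ~/.ssh/known_hosts` prints the same kind of fingerprint for each stored host key.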


Good news! I finally got this working with williaminwi's excellent LetsEncrypt WebFaction tool, after he kindly updated the readme.

Even better news: I wrote a full guide for server-newbies who are running WordPress and just know the bare bones (which is where I was a few weeks ago). You can see the guide in the project's wiki.

Let me know (there) if you have any issues with the guide and I'll try to make it clearer.

I'm hoping that, as it's a step-by-step guide, it may also be useful for the WebFaction programmers who are automating these steps in the Control Panel. WebFaction: you are in the process of automating this in the Control Panel, right? :-)

answered 02 Aug '16, 14:44 by JustAnotherWebFactionUser

Thank you for your contribution. Our development staff is working on how we handle SSL certificates and supporting Let's Encrypt more natively.

(02 Aug '16, 14:58) aaront ♦♦

Could you give feedback on how the documentation is difficult? I wrote the aforementioned tool, and I (along with the help of other contributors) have been working on making it more user friendly. I'd love to hear your take and if there are any pitfalls that I've missed on installation.

answered 18 May '16, 02:53 by williaminwi

I've put this in an answer below (not sure if I can go on at too much length in a comment)

(04 Jul '16, 19:49) JustAnotherWebFactionUser

There is a tool available that will help you generate a Let's Encrypt certificate on your WebFaction server: LetsEncrypt Webfaction

answered 15 Mar '16, 22:05 by seanf ♦♦

Thanks Sean. This is useful, but unfortunately the level of documentation is way too advanced for an average user (and I'm above average, having worked in a tech support role in the past).

However, I'm willing to research and try it out.

First steps, though: To use this, I presume that I need to uninstall the previous letsencrypt that I installed (with the command git clone "https://github.com/letsencrypt/letsencrypt" ). How do I do this?

(16 Mar '16, 16:15) JustAnotherWebFactionUser

If all you did was run git clone https://github.com/letsencrypt/letsencrypt, then you can undo that by running rm -rf letsencrypt in the same directory you were in when you ran the git clone command.

(16 Mar '16, 18:37) seanf ♦♦

I think the letsencrypt-webfaction tool looks interesting, but there's a lot to digest in order to have confidence that (1) being a Python person I would be using it properly, and (2) given WebFaction's hosting environment it would do the right thing.

Don't be offended about (1): when people strongly advocate the various Python package delivery mechanisms as cure-alls, I tend to push back because it is a burden for administrators to familiarise themselves with every last language-specific tool that does things its own way. Things like the multitude of Python-based solutions (setuptools, pip, virtualenv, <insert project of the month here>) would be as bewildering to Ruby people (and, indeed, to most Python people) as RBEnv and Ruby Build are to me having seen them mentioned for the first time now. Integration of software into the natural administration environment is the real solution here.

As for (2), I know there's a front-end server for which the certificate would need to be deployed, and I don't think I have any control over it. I also don't have any overview of how the different servers interact. So, a lot of this stuff is mysterious and I just work with the results of what WebFaction's control panel does. I do actually know how to configure Apache and have configured other Web servers in the past, although I've mostly steered clear of nginx. A serious concern here is that WebFaction might have done something special that breaks normal expectations that might then lead to a misconfiguration, like they managed to do with Python's distutils, but that's another annoying story.

But I'd agree with others that WebFaction are trailing the pack on this matter.

answered 27 May '16, 22:17 by pboddie

First off, thanks for responding and apologies for my taking so much time to get back to this.

I have also seen the https://community.webfaction.com/questions/19988/using-letsencrypt, but don't find it any easier to understand.

As I said previously, I'm not a complete newbie: I've worked in tech support roles, but they do not include server technologies, nor programming environments. I dabble in PHP and CSS. I even know DOS from the 80s, have a Linux box and write scripts on my Mac, so I'm no stranger to the command line. Other than that, however, I'm just an above average WordPress user.

I should also confess that I have done stints writing user documentation, so I'm a harsh critic. Forgive me if the combination of server-idiot/docs-expert is a tough one :)

Could you give feedback on how the documentation is difficult

I assume by the documentation, you mean the https://github.com/will-in-wi/letsencrypt-webfaction. That's what I critique below. I add (Qx) question numbers to areas I don't understand, so this can serve both to improve the documentation and also answer the specific questions. I'm happy to help re-write the instructions with idiot-proof answers (that is, I'm happy to be the idiot in question).

(Q0) Would using https://certbot.eff.org make any of this easier?

If not, on to the tool-specific info in the readme:

Installation

It can be added to cron...

Sounds great.

(Q1) What's cron? (I have a vague idea, but need info on how to run it.)

(Q2) How do I access it?

(Q3) What are the commands?

You can install LetsEncrypt Webfaction using the system Ruby or using RBEnv.

(Q4) Why would I want to use the more complex method to install?

System Ruby:

Run the following command to install:

(Q5) Where do I run it? I have several sites. Do I run this in the same directory as .bash_profile? (What's this directory called in shared-server parlance?)

(Q6) How do I access the server to run it?

I have Yummy FTP Pro and it looks like Sending a raw command might be what I want, but it's not clear. (Remember, unlike messing around on my own PC/Mac, the average user is worried about bricking their server, so they don't want to screw up.)

Last time I tried (in the original question above), I managed to get as far as using ssh from my own Mac, so I presume I did this right (but am not sure, as I had so many errors).

GEM_HOME...

(Q7) Is $HOME what I literally type, or is this something I need to substitute? (This isn't clear throughout. It would be good to state at the top that "x" should be substituted by "y" in all the commands.)

(Q8) What does this command do? (Remember that running commands from advice you saw on a page on the internet is generally not recommended for the average user, so some pointers that reassure what the commands do would be useful.)

(Q9) If I'm installing something, will I need to make sure in future that it is up to date with fixes etc? (This whole area is not clear to me: does Webfaction update my server's software, or is it my responsibility? And for stuff that I install like this, who's responsible?)

Then run source $HOME/.bash_profile

(Q10) Is this a command? That I type as-is?

Now, you can run letsencrypt_webfaction from the shell.

(Q11) Do I run this in the same directory as .bash_profile?

(Q12) What does this command do?

Usage

(Q13) Usage for what? To generate a certificate?

(Q14) What is the account_email? Does it have to be the email that I have associated with Webfaction, or can it be anything? (There's more on this below in the documentation, but it should be here.)

(Q15) Can the domains be anything? So if I host example1.com, www.example1.com, example1.xyz, www.example1.xyz, and example2.com on this webfaction account can I specify all of them in one command? Will this create 5 certs, or 1 cert that's used for all?

--public ~/webapps/myapp/public_html/

(Q16) Do I need to substitute something for "myapp"? What?

(Q17) I have several webfaction apps for the various domains I have. Do I therefore need to run the letsencrypt_webfaction command for each app?

(Q18) Where will the certificate be generated? (There's more on this below in the documentation, but it should be here.)

(Q19) What do I need to send to Webfaction to get it "activated" (not sure the correct term)? (Again, there's more on this below in the documentation, but it should be here.)

Cron usage

(Q20) Where do I put this task?

(Q21) If the certs expire every 90 days, why do you renew every 60 or so? Is it OK to renew before expiry?

(Q22) Do I need to do anything else?

Detailed examples

I won't cover most of this section, as it's for more advanced users anyway, but regarding:

A config file needs to be in YAML format and have a subset of the keys in config.defaults.yml. If you use a config file, you pass the --config ./myconfig.yml parameter.

(Q23) Pass to which command? letsencrypt_webfaction?

Operation

When the code runs...

(Q24) Which code? From which command? The command in the "Usage" section? It would be better if this info were placed above, where the relevant command is listed.

If you see messages containing SyntaxErrors, you are most likely using an old version of Ruby. This utility requires Ruby 2.1+

(Q25) How do I know what version I have? Am I responsible for updating it? Isn't this standard?

Public folders

For this utility to work, it is assumed that there is a folder which is directly served at http://yourdomain/ into which the ACME verification files can be placed

Not too clear what this means:

(Q26) If I have a website that an internet user can see when they type "http://example.com" I'm OK?

(Q27) If I have used the standard WordPress install on Webfaction, am I OK?

(Q28) What if I have set up the WordPress installation to point to http://example.com/wordpress (I haven't; phew!)

(Q29) What about a standard Webfaction static site?

(Q30) Is this a pre-req for the whole thing to work? If so, then it should be placed at the top of the doc, not the bottom.

Custom email configuration

Particularly in the case of Gmail, you may need to override the default usage of Sendmail and use SMTP.

(Q31) Where do I put this info?

(Q32) What if it's a webfaction-defined address on one of the domains I'm creating the certificate for (which I guess will be a pretty common situation)? Will I need to do anything in that case?

See the wiki

(Q33) Which wiki?

Development

No idea what most of this section means.

(Q34) Does it matter?

But this bit looks important and should be further up the document:

To test certificate issuance, consider using the LetsEncrypt staging server. This doesn't have the 5 certs per domain every 7 days rate limit. You can add the --endpoint https://acme-staging.api.letsencrypt.org/ parameter to do so.

(Q35) Where? To the letsencrypt_webfaction command? Or in a (which) config file?

Other

(Q36) Once the cert is installed on my standard Webfaction Wordpress site, what do I need to do to make it redirect to https instead of http? (I guess this is something that should be in the webfaction documentation, not here, but a pointer to it would be useful.)

I should add that I haven't run this yet, as I'm still unsure how.

Many thanks for any further help you can give.

answered 04 Jul '16, 19:49 by JustAnotherWebFactionUser

Thanks, this helps. I'll go through this and clarify the suggested points in the readme. I think I've made the assumption of prerequisite knowledge (cron for example), and I might continue to assume that the reader knows how to use the tool, but I'll simplify it slightly and make it clear earlier in the document which tools the reader is assumed to know how to use. Since this forum isn't really suitable for too much back and forth, I've created a ticket to track progress: https://github.com/will-in-wi/letsencrypt-webfaction/issues/30 Feel free to add notes there!

Thanks for the commentary! Good critiques are difficult to come by, thanks for taking the time to think through this. This is invaluable.

(04 Jul '16, 20:17) williaminwi

I've reworked the readme to address many of your suggestions. You can see that here: https://github.com/will-in-wi/letsencrypt-webfaction/issues/30#issuecomment-230367292

I'd love any further comments you have. If you don't mind, please add the comments to that ticket rather than here.

(05 Jul '16, 00:45) williaminwi

question asked: 15 Mar '16, 21:14

question was seen: 2,339 times

last updated: 02 Aug '16, 14:58
