[OPEN-ILS-DEV] Let's Encrypt on Evergreen server

Kelsey Lied kalied at stkate.edu
Mon Mar 7 20:28:57 EST 2016


Hi Ben,

Awesome!  I'm excited about your response -- I've got a similar setup with
Ubuntu 14.04/Apache 2.4.

Here's what I've got today --

- I commented out the HTTP vhost in /etc/apache2/sites-available/eg.conf,
leaving only the HTTPS vhost, since Let's Encrypt was giving an error about
only working with one vhost.  Also verified ServerName of that vhost is my
fqdn.
- Redid the whole auto-letsencrypt apache thing, got through without errors
this time.  Server passed ssllabs.com test, too. (Hooray!)
- Stopped and started opensrf, ran autogen.sh, and restarted apache.
- Verified no certificate errors when hitting https://fqdn (Hooray!)
- Attempted to start Evergreen client.  Got following errors:
fmall.js: TypeError: document.getElementsById("offlineStrings") is null (OK button)
fmall.js: Error: File not found: http://evergreentest.stkate.edu/opac/common/js/fmall.js
- Found a 2013 IRC log about these errors (
http://irc.evergreen-ils.org/evergreen/2013-08-27). Reran autogen.sh, no
luck.  Have noted: if I hit the given URL in a browser, I also get a File
Not Found.  HOWEVER, if I hit the same over HTTPS, I get data back.

Wondering if commenting out the HTTP vhost is causing the fmall.js errors.
It's also possible that I've got localhost hanging out somewhere in my
Evergreen setup that needs to be swapped out for the domain name -- I
originally started without and may have missed a spot when I tried to swap
in the domain name later.  Thoughts?

Side note: I am somewhat baffled about how the server and hitting the
browser client is validating over HTTPS, given my eg.conf file still says
the cert/key are in the apache ssl directory the Evergreen instructions
have you create, while Let's Encrypt puts the goods elsewhere (
https://letsencrypt.readthedocs.org/en/latest/using.html#where-certs ).
I'd be interested in knowing some more about what you changed within
eg.conf, Ben.

Thanks,
Kelsey

On Sun, Mar 6, 2016 at 7:58 PM, Ben Shum <ben at evergreener.net> wrote:

> Hi Kelsey,
>
> I've been using Let's Encrypt on my personal Evergreen test server
> (https://demo.evergreener.net) for this past month or so.  Prior to
> that, I used Let's Encrypt for some other test systems at my previous
> place of work.
>
> The biggest issue I encountered initially was that my system wasn't
> resolving the reverse DNS properly for my site (it took a little time
> for all the DNS to populate properly).  This caused the
> letsencrypt-auto to fail for me.  I think I ended up installing an
> additional python package to get that working in addition to giving
> enough time for DNS to propagate.
>
> The test system I used was installed with Ubuntu 14.04 server and
> apache 2.4, which letsencrypt seemed to have better luck in handling
> automatically the apache replaces with apache 2.4 vs. 2.2 (which
> shipped on older Ubuntu distros).  Alternatively, I think I also just
> eventually figured out how to set up my eg.conf config file with the
> necessary paths for the SSL cert and chain files.
>
> Feel free to ask further questions about your issues.  I think using
> Let's Encrypt is an awesome solution for SSL certificates.
>
> -- Ben
>
> On Sun, Mar 6, 2016 at 8:50 PM, Kelsey Lied <kalied at stkate.edu> wrote:
> > Hi,
> >
> > I am wondering if anybody is using Let's Encrypt (letsencrypt.org) for their
> > Evergreen install.
> >
> > We're spinning up a new install and would like to use it, but so far I have
> > had no luck on our test server.  I have tried a number of things, getting
> > various errors.  The Let's Encrypt community has generally had an answer for
> > each error, but every answer I've tried messes with config settings that
> > ultimately prevent Evergreen from running properly.  (Happy to provide
> > errors if folks are interested, but they're errors in another tool, so don't
> > want to bog down the initial query.)
> >
> > Is anybody using Let's Encrypt successfully?
> >
> > Thanks,
> > Kelsey
>