Month: April 2019

Renewing a Certbot Letsencrypt Webserver Certificate

Situation: 2019-0417: I run my own webserver and my SSL/TLS encryption certificates expired.

Background: I like to use certbot to create and manage my SSL/TLS certificates and the certificates expire every 90 days. Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server. https://certbot.eff.org/about/

My server is running:
Linux server 4.17.0-1-amd64 #1 SMP Debian 4.17.8-1 (2018-07-20) x86_64 GNU/Linux
Distributor ID: Debian
Description:    Debian GNU/Linux testing (buster)
Release:        testing
Codename:       buster

Assessment: I will outline the steps I took for renewing my certificate.

Implementation: All commands are run in a terminal.

1. stop the apache web server 

systemctl stop apache2

2. View the certificates installed and see their expiration date

certbot certificates

3. certbot command to renew certificate

certbot certonly --cert-name [name-of-your-certificate-here] --force-renewal

You get the following output

How would you like to authenticate with the ACME CA?
 - - - - - - - - - - - - - - - - - - - - - - - - - - - 
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

my selection:

choose option 2 "Spin up a temporary webserver (standalone)"

3. restart apache2 

 systemctl start apache2

4. View certificate and check new date 

 certbot certificates

5. Check certificate at ssl labs

https://www.ssllabs.com/ssltest

Finished 2019-0417

Mythtv fails on update setting up mythtv and mythtv-database (29.1+fixes20180603.git1777cc4425-dmo1)

Situation: I was getting the following error message on updating the mythtv package from https://www.deb-multimedia.org testing/main amd6.

Setting up mythtv-database (29.1+fixes20180603.git1777cc4425-dmo1) …
Failed to connect to database: Access denied for user
‘root’@’chadchenault.com’ (using password: NO) at -e line 5, <> line 1.

dpkg: dependency problems prevent configuration of mythtv:
mythtv depends on mythtv-database (>= 29.1+fixes20180821.gite5fc66e822-dmo1); however:
Package mythtv-database is not configured yet.

dpkg: error processing package mythtv (–configure):
dependency problems – leaving unconfigured

Background: Updates started to fail in June 2018 and after several months of internet searching, I could not find a solution. My system isSystem:
Linux server 4.17.0-1-amd64 #1 SMP Debian 4.17.8-1 (2018-07-20) x86_64 GNU/Linux
Distributor ID: Debian
Description:    Debian GNU/Linux testing (buster)
Release:        testing
Codename:       buster

Assessment: Contacted the package maintainer Christian Marillat at deb-multimedia.org for help after internet searches yielded no results.

Recommendation: Christian Marillat was kind enough to reply the next day with the suggestion to reconfigure the mythtv-database package. This will allow you to put in your database settings in the package before the software update. My update was failing because my mythtv database setting for the root user did not have a password. I entered the following command:

dpkg-reconfigure --force mythtv-database

You get the following question asking for the password for the root user of mysql/mariadb:

"This information will be used to create a database and user for MythTV. Unless you have explicitly changed the password on the MySQL server, leave this blank.

The password for the MySQL administrator account 'root':

 

It is very important to enter the password despite what prompt telling you to leave it blank. This is because if you do not store your password in plain text configuration files for security, dpkg will not find your root password. Possible places to store the root password are:

/etc/mysql/[debian.cnf, my.cnf, mariadb.cnf]

I prefer not store the password in plain text configuration files and thus will always have to enter the root mysql password when dpkg configures mythtv-database.

After configuration, you can run the upgrade:

apt upgrade

The mythtv-backend server usually crashes and does not restart when the upgrade fails with no password. You will have to restart the mythtv-backend server with the following commands:

systemctl restart mythtv-backend
systemctl status mythtv-backend

I would like to aknowledge Christian Marillat from http://deb-multimedia.org/ for his assistance and providing the mythtv package. He is doing a wonderful service.

keywords: debian, mythtv, mythtv-common, mythtv-database, mysql, mariadb