Situation: 2019-0417: I run my own webserver and my SSL/TLS encryption certificates expired.
Background: I like to use certbot to create and manage my SSL/TLS certificates and the certificates expire every 90 days. Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server. https://certbot.eff.org/about/
My server is running:
Linux server 4.17.0-1-amd64 #1 SMP Debian 4.17.8-1 (2018-07-20) x86_64 GNU/Linux
Distributor ID: Debian
Description: Debian GNU/Linux testing (buster)
Assessment: I will outline the steps I took for renewing my certificate.
Implementation: All commands are run in a terminal.
1. stop the apache web server
systemctl stop apache2
2. View the certificates installed and see their expiration date
3. certbot command to renew certificate
certbot certonly --cert-name [name-of-your-certificate-here] --force-renewal
You get the following output
How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
Choose option 2 "Spin up a temporary webserver (standalone)"
4. restart apache2
systemctl start apache2
5. View certificate and check new date
6. Check certificate at SSL Labs
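The "view the expiration date" steps above can be scripted so an approaching expiry is noticed before the site breaks. This is an added example, not part of the original post: the function names and the 30-day threshold are assumptions, the sample dates are constructed, and `date -d` requires GNU date.

```shell
# Added example: report how close a certificate is to expiry.
# Function names and the 30-day threshold are assumptions, not from the post.

# cert_state NOTAFTER NOW_EPOCH
#   NOTAFTER is the date string printed by "openssl x509 -enddate", e.g.
#   "Jul 16 08:00:00 2019 GMT". Prints "expired", "renew N" or "ok N",
#   where N is whole days remaining. Needs GNU date for "-d".
cert_state() {
    end=$(date -u -d "$1" +%s) || return 2
    secs=$(( end - $2 ))
    # Compare in seconds so a certificate that expired an hour ago is not
    # rounded to "0 days left".
    if [ "$secs" -le 0 ]; then
        echo "expired"
    elif [ "$secs" -lt $(( 30 * 86400 )) ]; then
        echo "renew $(( secs / 86400 ))"
    else
        echo "ok $(( secs / 86400 ))"
    fi
}

# check_pem FILE: read notAfter from a PEM certificate and classify it now.
check_pem() {
    not_after=$(openssl x509 -noout -enddate -in "$1") || return 2
    cert_state "${not_after#notAfter=}" "$(date +%s)"
}

# Constructed sample dates, evaluated against a fixed "now" of
# 2019-04-17 00:00 UTC so the output is reproducible offline.
now=1555459200
for d in "Apr 10 08:00:00 2019 GMT" "May  1 08:00:00 2019 GMT" "Jul 16 08:00:00 2019 GMT"; do
    printf '%-26s %s\n' "$d" "$(cert_state "$d" "$now")"
done

# Against a live certbot lineage (the name is a placeholder):
#   check_pem /etc/letsencrypt/live/[name-of-your-certificate-here]/cert.pem
```

Run from cron, a non-"ok" result is the signal to renew before clients start seeing certificate errors.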
2019-0320. My Evolution email client stopped working after my server upgraded Dovecot from version 2.2 to 2.3. I was getting TLS errors in Evolution. The reported error was “Failed to get capabilities: Error performing TLS handshake: An unexpected TLS packet was received.” I also have Roundcube webmail-based email and it continued to work. The fix to the problem was not hard (thank you, Linux community); however, there is not much information on the internet now on solving this problem, which is why I felt motivated to write this post and give back to the Linux community.
My server is Debian Sid (Buster/Debian 10). My email is set up using the guide from https://workaround.org/ispmail/stretch.
The solution to the problem is to change the SSL configuration in the Dovecot file “/etc/dovecot/conf.d/10-ssl.conf”. I also increased the security of the SSL/TLS protocols used. References are: https://wiki2.dovecot.org/Upgrading/2.3 and https://wiki2.dovecot.org/SSL/DovecotConfiguration.
I first needed to create a new Diffie-Hellman parameters file, which is used in the TLS key exchange. Generating this file collects entropy from the computer and took roughly an hour on my slow server computer. Enter this command in the terminal. https://wiki2.dovecot.org/SSL/DovecotConfiguration#SSL_security_settings
openssl dhparam 4096 > dh.pem
I removed the following lines in file “/etc/dovecot/conf.d/10-ssl.conf”.
ssl_protocols = !SSLv2 !SSLv3
I added and modified the following lines in file “/etc/dovecot/conf.d/10-ssl.conf”.
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers = yes
Restart the dovecot service
sudo systemctl restart dovecot
Check that the dovecot service is running
sudo systemctl status dovecot
All done and Evolution email is working.
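A quick way to check a 10-ssl.conf against the changes described above before restarting Dovecot. This is an added example, not part of the original post or of Dovecot: the function names are hypothetical, the checks mirror only the settings shown in the post, and the sample config is constructed.

```shell
# Added example: lint a Dovecot SSL config for the 2.2 -> 2.3 changes above.
# Function names are hypothetical; the checks mirror the settings in the post.

# conf_value FILE KEY: value of the last uncommented "KEY = value" line.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            if (k == key) {
                val = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
        }
        END { print val }' "$1"
}

# lint_dovecot_ssl FILE: one finding per line, nothing when the file is clean.
lint_dovecot_ssl() {
    if [ -n "$(conf_value "$1" ssl_protocols)" ]; then
        echo "ssl_protocols is set; Dovecot 2.3 uses ssl_min_protocol instead"
    fi
    min=$(conf_value "$1" ssl_min_protocol)
    case $min in
        TLSv1.2|TLSv1.3) ;;
        '') echo "ssl_min_protocol is not set" ;;
        *)  echo "ssl_min_protocol = $min permits protocols older than TLSv1.2" ;;
    esac
    if [ "$(conf_value "$1" ssl_prefer_server_ciphers)" != yes ]; then
        echo "ssl_prefer_server_ciphers is not yes"
    fi
    ciphers=$(conf_value "$1" ssl_cipher_list)
    [ -n "$ciphers" ] || return 0   # unset: Dovecot's built-in default applies
    for weak in aNULL eNULL EXPORT 3DES MD5 RC4; do
        case ":$ciphers:" in
            *":!$weak:"*) ;;
            *) echo "ssl_cipher_list does not exclude $weak" ;;
        esac
    done
}

# Lint the file given as $1, or a constructed 2.2-style sample when none is given.
if [ $# -gt 0 ]; then
    lint_dovecot_ssl "$1"
else
    sample=$(mktemp)
    printf '%s\n' 'ssl = required' 'ssl_protocols = !SSLv2 !SSLv3' > "$sample"
    lint_dovecot_ssl "$sample"
    rm -f "$sample"
fi
```

On a running server, `doveconf -n` prints the effective non-default settings, which is the better view when settings are spread across several files.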
Nextcloud 14.04 stopped working on me. I was getting a blank page on my nextcloud website. I found the following error message in my nextcloud logfile:
"Error: Call to undefined function OC\\App\\simplexml_load_file() at \/var\/www\/cc.com\/nextcloud\/lib\/private\/App\/InfoParser.php#64".
It appears the problem arose when PHP was updated from 7.2 to 7.3: the apache2 webserver was still trying to use the older php7.2 module, and the php7.3 module was not enabled. The solution is to disable the php7.2 module and enable the php7.3 module for apache2. The following commands are entered into the terminal.
Disable the apache2 module php7.2
sudo a2dismod php7.2
Enable the apache2 module php7.3
sudo a2enmod php7.3
Restart the Apache webserver and show its running status
sudo systemctl restart apache2 && sudo systemctl status apache2
I found the following site helpful: https://tecadmin.net/switch-between-multiple-php-version-on-debian/
The server was Debian testing/sid. 2019-0110
I was having failures creating new certificates in certbot due to a change in their code. I previously ran the following command to create a website certificate for an apache server running on Debian 8 Jessie.
# certbot run --verbose --text --apache --rsa-key-size 4096 --email your-email.com --agree-tos -d your-domain-name.com,alternative-domain-name.org,third-domain-name.com
This used to work but now (2018-0226) it doesn’t. Here is the error output:
Performing the following challenges:
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Traceback (most recent call last):
File "/usr/bin/certbot", line 11, in <module>
load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()
I found the answer here: https://github.com/certbot/certbot/issues/5405
The following command worked; substitute working values for “your-email.com” and “your-domain-name.com”.
# certbot certonly --standalone --verbose --text --rsa-key-size 4096 --email your-email.com --agree-tos -d your-domain-name.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
This is for the following version of certbot.
# certbot --version
The end 🙂
I am running a Debian 8 Jessie email server with postfix and dovecot. I wanted to change from self-signed certificates to certificates from Let’s Encrypt. It was easy to do and I wish I had not waited so long to change. This blog post, https://www.shivering-isles.com/lets-encrypt-free-trusted-certificates-for-postfix-and-dovecot/ explained it perfectly for me, so there is no need for me to document the commands.
I use rsync on gnome-ubuntu 15.10 to back up my data to my server running Debian 8. This creates incremental backups similar to Apple’s Time Machine. The backup runs every 2 hours, so this creates more backups than needed at the expense of hard drive space. I used to manually delete the files from the server and would try to save a monthly backup, 8 weekly backups, 30 daily backups, and 2 weeks of every 2 hour backups. This was a time-consuming process of manually selecting the files, and thus I was not consistent about removing the extra backups. My backup scripts are written in Python and I was going to write a script that would delete old backups that were not needed any more. Even better than writing your own script is finding one that has already been written, such as https://rotate-backups.readthedocs.org/en/latest/#rotate-backups-simple-command-line-interface-for-backup-rotation. This script will automatically delete your old backups and you can configure how many backups you want to keep.
This script is well documented and easy to use. I give it my highest recommendation.
I had a need to rename a file with the current date after running a backup script. This was done on Debian 8 Linux. The backup script would make a file named “/mnt/backup.chadchenault.com/backup/server.cc.com.webmin/webmin.tar.gz”. I like my backup files with year-month-day at the front of the filename for easy sorting by date. My format is 2016-0422 for the date of April 04, 2016. I am using the date command to insert the current date, and this is the command that runs automatically after the backup command is run.
mv /mnt/backup.chadchenault.com/backup/server.cc.com.webmin/webmin.tar.gz /mnt/backup.chadchenault.com/backup/server.cc.com.webmin/$(date "+%Y-%m%d.webmin.tar.gz")
This results in a new filename of “/mnt/backup.chadchenault.com/backup/server.cc.com.webmin/2016-0422.webmin.tar.gz”
Here is an example of testing the date command from the command line.
Create a file “delete.txt”
Copy the file to a new name with current Year-MonthDay.delete.txt format
cp -v delete.txt /root/$(date "+%Y-%m%d.delete.txt")
The output of the command on 2016-0422 was:
‘delete.txt’ -> ‘/root/2016-0422.delete.txt’
The command was run successfully.
OS: Mythubuntu 14.04
Hardware: AMD E-350 APU, 8 GB DDR3 1066, AMD Radeon HD 6310 graphics
Playback of video was choppy and CPU utilization would reach 100% without hardware acceleration. I am using default radeon open source video drivers. I installed VDPAU drivers with
sudo apt-get install mesa-vdpau-drivers
Enable VDPAU through the MythTV frontend settings:
“Utilities -> Setup -> TV Settings -> Playback -> Playback Profiles (3/8)”
I selected “VDPAU High Quality”
I updated the Evolution Email Client from 3.12 to 3.16 on Ubuntu Gnome 15.04. Version 3.16 has an archive feature I wanted to use that is not found on 3.12. I followed this blog, http://linuxpitstop.com/how-to-upgrade-evolution-email-client-to-3-16-on-ubuntu-15-04/#comment-3070, that had the installation instructions.
This contains instructions on how to add new applications to your owncloud 8.1 server. I will give an example of adding Mozilla Sync 1.4 application. I am downloading the application using the command line. The server is Linux Ubuntu 14.04.02.
- Go to https://apps.owncloud.com/ and find the application you want to add. Find Mozilla Sync 1.4 application and go to its page.
- Go to its git page by clicking “Link”. It is located at the top of the page at Version Control: Link
- From the git page, copy the git link “HTTPS clone URL”. The link is https://github.com/owncloud/mozilla_sync.git
- From the terminal go to your apps directory in owncloud (/var/www/cc.com/owncloud/apps).
- Download the application with:
sudo git clone https://github.com/owncloud/mozilla_sync.git
- View the directory and make sure the application is owned by your web server user “www-data”
- Change the ownership of the directory to www-data:www-data (user:group)
sudo chown www-data:www-data -R mozilla_sync/
- From owncloud menu, select Apps/Not enabled. Find the application Mozilla Sync 1.4 and select the “enable” button to activate the application.