LetsEncrypt

From richmondmakerlabs.uk

These are our adventures getting Let's Encrypt, which is a fancy way of getting the lock on the website like banks have.

Andres

tried following the instructions by doing ssh to the little.house server. The idea was to get https on mailman or another page available in that server. Something went wrong because nginx was installed and took over the kit and the mailman website.

Nevertheless, Andres was happy as it was his first ssh. First laptop, later phone and tablet using f-droid apps: connectbot combined with the anysoft ssh keyboard.

Ian:

I went into Little House today and I enabled the router to allow port 443 to server neo. Port 443 is https, port 80 is http.

Now ssh seems to be working again, and the web servers are responding to http requests (with the message "Welcome to nginx").

But the web servers are not responding to https requests.

I wonder whether there needs to be some configuration added to the virtual hosts files in /etc/apache2/sites-available/ to allow apache to serve https. I don't know why nginx is handling http requests, and I don't know how to get it back to how it was or to move it forward to where it wants to be. There's no clue given as to what files letsencrypt has changed. The directory /etc/letsencrypt/ is empty, but I guess that's just because there were errors and the process didn't complete.

There's one virtual host - littlehouse.richmondmakerlabs.uk which I invite you to move to https, using python3. That should not affect the current stuff which depends on python2.

You can edit or copy the apache2 virtual host file named littlehouse (on neo it's named 002-littlehouse, but on nemo it's just named littlehouse), if changes to the virtual host config files are needed.

It may be that there have to be two virtual hosts files for littlehouse, one for http access and the other for https access. The letsencrypt documentation doesn't say anything about that, or about adding "SSLEngine on" to the virtual host configuration file.

If letsencrypt wants to change all the virtual hosts to https, I would say let's forget it, for fear of losing stuff that's working OK at present without https. There's also the "snakeoil" method of doing https, where we create our own self-signed certificate. We could also experiment with that, to get better knowledge of the process.

I've never had to deal with https before, so I have no expertise to offer. If we can do it, we will all learn something. It's great to have a working server that we can mess around with in this way.
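The symptoms in Ian's notes above (nginx answering on port 80, nothing answering on 443) can be confirmed from the listening-socket table. This is an added example, not part of the original page: it parses the output of `ss -ltnp`, and the sample lines, PIDs and function names are constructed assumptions.

```python
import re

# Constructed sample of `ss -ltnp` output (not captured from neo): nginx holds
# port 80 and nothing listens on 443, matching the symptoms described above.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=640,fd=3))
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*     users:(("nginx",pid=812,fd=6),("nginx",pid=811,fd=6))
LISTEN 0      511             [::]:80           [::]:*     users:(("nginx",pid=812,fd=7),("nginx",pid=811,fd=7))
"""

PROC_RE = re.compile(r'\("([^"]+)",pid=\d+')

def listeners(ss_output):
    """Map each listening TCP port to the set of process names bound to it."""
    table = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        # Local address is "addr:port"; rpartition copes with "[::]:80".
        port = fields[3].rpartition(":")[2]
        if not port.isdigit():
            continue
        names = set(PROC_RE.findall(line))  # empty when ss was run without root
        table.setdefault(int(port), set()).update(names)
    return table

def diagnose(ss_output, expected="apache2", ports=(80, 443)):
    """Return one finding per web port: ok, wrong daemon, or nobody listening."""
    table = listeners(ss_output)
    findings = {}
    for port in ports:
        if port not in table:
            findings[port] = "nothing listening"
        elif not table[port]:
            findings[port] = "listening, owner unknown (run ss as root)"
        elif table[port] == {expected}:
            findings[port] = "ok"
        else:
            findings[port] = "held by " + ",".join(sorted(table[port]))
    return findings

if __name__ == "__main__":
    for port, finding in diagnose(SAMPLE_SS).items():
        print(port, finding)
```

On a live server, feed it the real table with `diagnose(subprocess.check_output(["ss", "-ltnp"], text=True))`, run as root so the process names are visible.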

Andres with help from Ryan

Looks like mailman web page is up again, thanks Ryan for this simple command:

andres@neo:~$ sudo update-rc.d -f nginx disable

Later reboot with $ sudo shutdown -r now

It seems nginx was loading up before apache server. Seems that they don't run in parallel; you can either have apache or nginx.

Andres is still super excited about ssh he tells everyone about it.

Might need to uninstall. "Did you run 'sudo apt-get remove nginx nginx-common'?"

Ian:

The server is a new box now, so all the LetsEncrypt stuff isn't there any more. But do run it again, using Python3. I've discovered that LetsEncrypt adds a config file to apache2, so that apache has the SSL Engine On, without changing any of the Virtual Host config files.

I don't think nginx is present on the server now. Install it if needed, or maybe Letsencrypt does this for us?

I'm not all that comfortable with Letsencrypt doing its stuff as a "wizard", with little or no idea what it's installing on our server. If it was a mission-critical server, I would not be a happy bunny.

Having said that, I'm up for giving it a try, in the spirit of exploration, hacking and learning what works.

Andres Tries again

Several months later, EFF have Certbot, which should make it easy to install. I will try it on one of the non-critical servers.

2016-08-08

Followed the instructions but https://littlehouse.richmondmakerlabs.uk/ page hosted in Server_Novo still not found. Notice the S after http.

Error is 'Name does not end in a public suffix' maybe here [1]