[Qa-debsources] upcoming SSL cert expiry and letsencrypt
Matthieu Caneill
matt at brokenwa.re
Wed Dec 2 14:21:52 UTC 2015
On Wed, Dec 02, 2015 at 02:12:37AM +0100, Orestis Ioannou wrote:
> So to install it on wheezy one need to clone the repo and then run
> letsencrypt-auto
> It will install these dependencies from apt:
>
> git python python-dev python-virtualenv gcc dialog libaugeas0 libssl-dev
> libffi-dev ca-certificates
>
> and then it creates a virtual env and install lets-encrypt from pypi.
> You don't have to run the script as root (in the file it says not
> recommended) but it will require sudo to install the deps.
Alright, I'll be able to run this on the debsources VM. What
information will be asked? Is it only the installation procedure, or
will this set-up the challenge, etc?
> There is another option: running it inside docker. This avoids
> installing the dependencies system wide.
> They have the dockerfile and the command to start it.. Once you run
> letsencrypt by specifying the domain it will get the certificate and put
> it in the host machine.. (thats what the docs say.. couldn't test it
> because it fails due to my email not in the beta) So i guess the next
> step would just be to replace the certs since apache is already
> configuered.. I ll test this better (getting a cert etc when the public
> beta is on)
>
>
> Anyway both ways require sudo at some time so what do you think its the
> best way to proceed?
Well, if docker only brings the advantage of not installing a couple
of packages (since the rest will be in a virtual env anyway), I think
it's easier not to use it. Unless there are more advantages, etc.
Cheers,
--
Matthieu
More information about the Qa-debsources
mailing list