blog.mirabellette.eu

A blog about digital independence and autonomy

Cybersecurity

Examples of scripts to automatically renew web certificates with Let's Encrypt

Written by Mirabellette / 13 october 2017 / no comments

Hello everyone,

I know it has been a very long time since I last posted an article, but life is life. ^^
Today, I wanted to share two scripts I use to renew my web certificates with Let's Encrypt. I know there is a lot of documentation about that, but it could help some of you save some time.

Generating web certificates with a specific domain name

The script reads the given file and ignores every line that begins with # or ----------. These symbols are only used in the file to make the text easier to read. Every other line is one of the domain names or sub-domains I manage, and each gets its own certificate. To be sure the certificate of a new domain name is renewed automatically, I just have to add it to this list.

#!/bin/bash
# file : /root/certs/renew-webcert.sh
# Renew all certificates which are in the given file, one certificate per domain name
logFile="/var/log/renew-cert.log"

serverName=$1
if [[ -z "$serverName" || ! -r "$serverName" ]]; then
 echo "usage: $0 <file with one domain name per line>" >&2
 exit 1
fi
while read -r c ; do
 # skip empty lines, comments and the visual separator used in the list file
 if [[ -z "$c" || "$c" == "#"* || "$c" == "----------" ]]; then
  continue
 fi
 echo "$c"
 echo "/opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d $c --rsa-key-size 4096 --uir --redirect" | tee -a "$logFile"
 # keep the tool's own output in the log as well, not only the command line
 /opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d "$c" --rsa-key-size 4096 --uir --redirect 2>&1 | tee -a "$logFile"
done <"$serverName"
service apache2 restart
echo "service apache2 restart" | tee -a "$logFile"


# file : /root/certs/serverName
toto.example.org
#titi.example.org
----------
tata.example.org

To use this one, I created a cron task which runs the script each month:
0 6 01 * * /root/certs/renew-webcert.sh /root/certs/serverName
Warning: /root/certs/renew-webcert.sh needs to be executable (chmod 700).

A single web certificate with multiple domain names

The second one is very similar to the first one. The main difference is that it creates a single certificate covering multiple domain names, and the list file is fixed in the script instead of being given as a parameter.

#!/bin/bash
# file : /root/certs/renew-webcert-mirabellette.sh
# Renew one certificate which covers every domain name listed in the file below
logFile="/var/log/renew-cert-mirabellette.log"

# absolute path: cron does not run the script from /root/certs
serverName="/root/certs/server-name-mirabellette"
# build the command as an array so that each argument stays a single word
cmdRenew=(/opt/letsencrypt/letsencrypt-auto --apache --rsa-key-size 4096 --uir --redirect)
while read -r domainName ; do
 # skip empty lines, comments and the visual separator used in the list file
 if [[ -z "$domainName" || "$domainName" == "#"* || "$domainName" == "----------" ]]; then
  continue
 fi
 echo "$domainName"
 cmdRenew+=(-d "$domainName")
done <"$serverName"

echo "${cmdRenew[*]}" | tee -a "$logFile"
"${cmdRenew[@]}" 2>&1 | tee -a "$logFile"
service apache2 restart
echo "service apache2 restart" | tee -a "$logFile"


# file : /root/certs/server-name-mirabellette
blog.mirabellette.eu
privatebin.mirabellette.eu
#lufi.mirabellette.eu

To use this one, I created a cron task which runs the script each month:
0 6 01 * * /root/certs/renew-webcert-mirabellette.sh

Warning: /root/certs/renew-webcert-mirabellette.sh needs to be executable (chmod 700).
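Both scripts above share the same list-file parsing rules, and both pass each line straight to letsencrypt-auto. As an added example (not code from the original post), here is a POSIX sh parser that applies the post's rules (skip lines starting with # and the ---------- separator) and additionally refuses any line that is not a plausible hostname, so a typo or a stray character in the list file stops the run instead of reaching the command line. The function names list_domains and san_args, and the sample list file written by the test, are my own choices; the second function builds the "-d a -d b" argument string used by the single-certificate script.

```shell
# Added example, not from the original post: a stricter, shared parser for the
# domain list files used by both renewal scripts.

# Print the usable domain names from the list file, lowercased, one per line.
# Skips blank lines, lines starting with '#' and the '----------' separator,
# exactly like the loops in the post. Any other line that does not look like a
# hostname is reported on stderr and makes the function return 1, so the caller
# can stop before handing a bad value to letsencrypt-auto.
list_domains() {
    file="$1"
    status=0
    # '|| [ -n "$line" ]' also processes a last line without trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        # trim surrounding whitespace and lowercase (hostnames are case-insensitive)
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | tr 'A-Z' 'a-z')
        case "$line" in
            ''|'#'*|'----------') continue ;;
        esac
        # labels of 1-63 chars [a-z0-9-], not starting/ending with '-', plus an alphabetic TLD
        if printf '%s\n' "$line" | grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'; then
            printf '%s\n' "$line"
        else
            printf 'renew: rejected line in %s: %s\n' "$file" "$line" >&2
            status=1
        fi
    done < "$file"
    return "$status"
}

# Build the "-d a -d b" argument string for one certificate covering every
# domain in the file (the second script's mode). Returns 1 and prints nothing
# usable if list_domains rejected any line.
san_args() {
    doms=$(list_domains "$1") || return 1
    args=''
    for d in $doms; do
        args="$args -d $d"
    done
    printf '%s\n' "${args# }"
}
```

Usage in the single-certificate script would be `args=$(san_args /root/certs/server-name-mirabellette) || exit 1` followed by `/opt/letsencrypt/letsencrypt-auto --apache $args --rsa-key-size 4096 --uir --redirect`; leaving `$args` unquoted is safe there only because every word in it has already been validated against the hostname pattern. For the per-domain script, loop over the output of list_domains instead of reading the file directly.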

I hope this article gave you some ideas on how to easily renew your web certificates.

Specific OpenVPN error on Windows 10 "endpoints must exist within the same 255.255.255.252"

Written by Mirabellette / 15 may 2017 / no comments

Hello everyone,

System:
  • Debian Jessie stable 8.7
  • Windows 10 Creators Update
  • OpenVPN 2.3.4.5 on the server
  • OpenVPN 2.4.2 on the client

I recently got a new laptop with Windows 10. Obviously, I installed OpenVPN with the correct configuration. When I tried to connect, I got an error message:

The local and remote VPN endpoints must exist within the same 255.255.255.252

After some hours of searching for a solution, I finally found it, and it is trivial. You just have to:

open your OpenVPN configuration
add "topology subnet"
restart OpenVPN

* on the server

vim /etc/openvpn/server.conf
add "topology subnet"
service openvpn restart

* on the client

service openvpn restart

Now the OpenVPN client should be able to connect to the server without error.

I hope this article helps you solve this kind of problem.