blog.mirabellette.eu

A blog about digital independence and autonomy

Examples of scripts to automatically renew web certificates with Let's Encrypt

Written by Mirabellette / 13 october 2017 / no comments

Hello everyone,

I know it has been a very long time since I posted an article, but life is life. ^^
Today, I wanted to share two scripts I use to renew my web certificates with Let's Encrypt. I know there is a lot of documentation about that, but it could help some of you save some time.

Generating web certificates for a specific domain name

The script reads the given file and ignores the lines which begin with # or are ----------. These symbols are used in the given file to make the text easier to read. Each line is one of the domain names or subdomains I manage. I just have to add a new one to this list to be sure the certificate of this new domain name will be automatically renewed.

#!/bin/bash
# file : /root/certs/renew-webcert.sh
# Renew all certificates which are in the given file
logFile="/var/log/renew-cert.log"

# First argument: path of the file listing one domain name per line
serverName=$1
while read -r c ; do
 # Skip empty lines and comment lines starting with #
 if [[ -n ${c} && ${c} != "#"* ]]; then
  # Skip the ---------- separator lines
  if [[ ${c} != "----------" ]]; then
   echo "$c"
   # Log the command, then request a certificate for this domain only
   echo "/opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d $c --rsa-key-size 4096 --uir --redirect" | tee -a "$logFile"
   /opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d "$c" --rsa-key-size 4096 --uir --redirect
  fi
 fi
done < "$serverName"
service apache2 restart
echo "service apache2 restart"


# file : /root/certs/serverName
toto.example.org
#titi.example.org
----------
tata.example.org

To use this one, I create a cron task which runs the script each month:
0 6 01 * * /root/certs/renew-webcert.sh /root/certs/serverName
Warning: /root/certs/renew-webcert.sh needs to be executable (chmod 700).

A single web certificate with multiple domain names

The second one is very similar to the first one. The main difference is that it creates a single certificate with multiple domain names and does not get the domain names from a file given as a parameter.

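#!/bin/bash
# file : /root/certs/renew-webcert-mirabellette.sh
logFile="/var/log/renew-cert-mirabellette.log"

# Absolute path: cron does not start the script in /root/certs
serverName="/root/certs/server-name-mirabellette"
# Build the command as an array so each argument stays a single word
cmdRenew=(/opt/letsencrypt/letsencrypt-auto --apache --rsa-key-size 4096 --uir --redirect)
while read -r domainName ; do
 # Skip empty lines and comment lines starting with #
 if [[ -n ${domainName} && ${domainName} != "#"* ]]; then
  # Skip the ---------- separator lines
  if [[ ${domainName} != "----------" ]]; then
   echo "$domainName"
   # One -d option per domain: all names end up on a single certificate
   cmdRenew+=(-d "$domainName")
  fi
 fi
done < "$serverName"

# Log the final command, then run it
echo "${cmdRenew[*]}" | tee -a "$logFile"
"${cmdRenew[@]}"
service apache2 restart
echo "service apache2 restart"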


# file : /root/certs/server-name-mirabellette
blog.mirabellette.eu
privatebin.mirabellette.eu
#lufi.mirabellette.eu

To use this one, I create a cron task which runs the script each month:
0 6 01 * * /root/certs/renew-webcert-mirabellette.sh

Warning: /root/certs/renew-webcert.sh needs to be executable (chmod 700).
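
Both scripts run as root from cron and pass every remaining line of the list file straight to letsencrypt-auto. The following added example (not part of the original scripts) checks that each line is a plain hostname before it is used; the function names `is_hostname`, `list_domains` and `multi_domain_args` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: not part of the article's scripts.
# One DNS label: 1-63 letters, digits or hyphens, no hyphen at either end.
LABEL='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'

# is_hostname NAME: succeed only for a dotted name of at most 253 characters.
is_hostname() {
    [ "${#1}" -le 253 ] || return 1
    printf '%s\n' "$1" | grep -Eqx "${LABEL}(\.${LABEL})+"
}

# list_domains FILE: print the usable names from FILE, one per line.
# Empty lines, "#" comments and the "----------" separator are skipped, as in
# the article; any other line that is not a hostname is reported on stderr
# and makes the function return 1.
list_domains() {
    rc=0
    while read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|'----------') continue ;;
        esac
        if is_hostname "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected line: %s\n' "$line" >&2
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# multi_domain_args FILE: print the "-d name" arguments for one certificate
# covering every listed domain. Prints nothing and fails if a line was
# rejected or the list is empty, so a damaged file never reaches the client.
multi_domain_args() {
    names=$(list_domains "$1") || return 1
    [ -n "$names" ] || return 1
    args=
    # Unquoted expansion is safe here: validated names contain only [A-Za-z0-9.-]
    for n in $names; do args="$args -d $n"; done
    printf '%s\n' "${args# }"
}
```

In the first script, the loop can read from `list_domains /root/certs/serverName` instead of the raw file; in the second, the output of `multi_domain_args` replaces the loop that appends `-d` options.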

I hope this article gave you some ideas to easily manage how to renew your web certificate.

SWAP : Usage and management

Written by Mirabellette / 23 july 2017 / no comments

System: Debian 8 - linux 3.16

Hello everyone,

Usage

Today, I want to talk about swap: how to increase its size, reduce it, or configure the system to load it at boot. Before that, I would like to briefly describe what RAM and swap are used for. RAM, and in some situations swap, are used by processes to work. To understand this better, a picture is often a good idea.
[Image: Swap]
As you can see in the picture from Wikipedia, swap is disk space used when the RAM is full. It is always slower than RAM (until disk access becomes faster than RAM access, which is not for tomorrow). The disk space used for swap must have a specific format and has a size. It is common to set the size to 1.5 x RAM. Nevertheless, this value can become very large, especially when you have a large amount of RAM. For example, with 16 GB of RAM, 1.5 x that is 24 GB, which is a lot!

Today, unless you have a specific usage such as running a lot of virtual machines or a server architecture, it is very rare to use more than 16 GB. (Of course, if you have a small amount of RAM, this will happen more often.) That's why I recommend setting a small size, for example 0.1 x RAM size, and adjusting it depending on your usage. Of course, if you have many gigabytes free, you could increase this size, but if you never use it, it is a waste of disk space.

Management

The swap could be stored in a dedicated partition. To keep this article as simple as possible, we will not talk about this case. To begin with, we have to determine how much RAM and swap we have. We can use the top command to find out.

In my case, I have about 2 GB (2009380) of RAM and I have decided to set the swap to about 512 MB (524284).
[Image: Ram and Swap usage]
Let's suppose that 512 MB is not enough and we would like to increase the size to 1 GB. To do that, we have to follow this procedure:
  • identify where the swap file is and its size
    swapon -s
    [Image: Swap location and size]
  • deallocate the swap
    swapoff /swap
  • delete the previous swap file
    rm /swap
  • create a new file with a specific size
    dd if=/dev/zero of=/pathToTheNewSwap bs=1024 count=1M
    * if you want 512 MB, replace 1M with 512k
  • format the new file as swap
    mkswap /pathToTheNewSwap
  • configure the system to use the new file as swap
    swapon /pathToTheNewSwap
  • configure the system to load it at each boot: you have to delete the line about the previous swap file and add a line for the new one.
    vi /etc/fstab
    /pathToTheNewSwap swap swap sw 0 0
Now you should see 1 GB of swap displayed when you launch top, and /pathToTheNewSwap listed as the swap file when you run swapon -s.
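
A file created by dd under the default umask is normally readable by every local user, and swap holds pages of process memory. The following added example (not from the original article) creates the file as owner-only and produces the edited fstab text described in the last step; the function names are assumptions, and /swap and /pathToTheNewSwap are the article's paths.

```shell
#!/bin/sh
# Added example: not part of the original article.

# create_swap_file PATH SIZE_KIB
# Allocate a zero-filled file of SIZE_KIB KiB that only its owner can read.
# umask 077 keeps the file private from the moment dd creates it; the chmod
# also covers a PATH that already existed with wider permissions.
create_swap_file() {
    ( umask 077 && dd if=/dev/zero of="$1" bs=1024 count="$2" 2>/dev/null ) || return 1
    chmod 600 "$1"
}

# swap_file_is_private PATH: succeed only if PATH is a regular file whose
# permissions are exactly rw------- (mode 600).
swap_file_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# rewrite_fstab OLD NEW: read an fstab on stdin and write it to stdout with
# the swap entry for OLD removed and one entry for NEW appended. An existing
# entry for NEW is dropped first so the result never lists it twice.
rewrite_fstab() {
    awk -v old="$1" -v new="$2" '
        ($1 == old || $1 == new) && $3 == "swap" { next }
        { print }
        END { print new " swap swap sw 0 0" }
    '
}

# Usage as root, following the article's steps (1048576 KiB = bs=1024 count=1M):
#   swapoff /swap && rm /swap
#   create_swap_file /pathToTheNewSwap 1048576
#   swap_file_is_private /pathToTheNewSwap && mkswap /pathToTheNewSwap
#   swapon /pathToTheNewSwap
#   rewrite_fstab /swap /pathToTheNewSwap < /etc/fstab > /etc/fstab.new
#   (review /etc/fstab.new, then move it over /etc/fstab)
```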

I hope this article helps you to understand how swap is used and how to manage it. Do not hesitate to comment on the article.

Specific OpenVPN error on Windows 10 "endpoints must exist within the same 255.255.255.252"

Written by Mirabellette / 15 may 2017 / no comments

Hello everyone,

    system
  • debian jessie stable 8.7
  • windows 10 creators update
  • openvpn 2.3.4.5 on the server
  • openvpn 2.4.2 on the client

I recently got a new laptop with Windows 10. Obviously, I installed OpenVPN with the correct configuration. When I tried to connect, I got an error message.

if The local and remote VPN endpoints must exist within the same 255.255.255.252

After some hours looking for a solution, I finally found it, and it is trivial. You just have to:

open your OpenVPN configuration
add "topology subnet"
restart openvpn

vim /etc/openvpn/server.conf
add "topology subnet"
service openvpn restart

* on the client

service openvpn restart

Now, the OpenVPN client should be able to connect to the server without error.

I hope this article will help you to solve this kind of problem.