system/letsencrypt: Updated for version 0.21.0.

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
2018-01-18 20:39:21 +07:00 · 2018-01-18 20:39:21 +07:00 · 967ae58146
parent 4091bd3d8e
commit 967ae58146
4 changed files with 46 additions and 39 deletions
--- a/system/letsencrypt/README.Slackware
+++ b/system/letsencrypt/README.Slackware
@ -1,44 +1,18 @@
 PLUGINS SUPPORT
 letsencrypt support five plugins to obtain/install certificates and many more to come in the future.
-However, we will only cover standalone and apache plugin. Using apache plugin is the recommended way
-as it doesn't require the webserver to be taken offline causing downtime during validation.
+Using apache plugin is the recommended way as it doesn't require the webserver to be taken offline
+causing downtime during validation.

 All domain-spesific configuration files are stored in /etc/letsencrypt/live/<DOMAIN-NAME>
 Once certificate is created, you need to enable SSL module in httpd.conf and configure httpd-ssl.conf

-OBTAINING CERTIFICATE USING STANDALONE PLUGIN
-Here's what i use to create a certificate using port 443 for domain validation
-certbot certonly --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \
--email <ADMIN-EMAIL> --renew-by-default --agree-tos --text --standalone
-
-If you want to use port 80 for domain validation, replace
--preferred-challenges tls-sni-01
-with
--preferred-challenges http-01
-
 Since 0.14.1, letsencrypt is able to generate/renew all certificates for all of your configured vhost domains.
 Just run letsencrypt or certbot and you will see all domains are available.

-NOTE:
-You need to make sure that the port (80 or 443) is NOT USED before running above command (ie. you may need to
-temporarily stop your exising webserver)
-
-OBTAINING CERTIFICATE USING APACHE PLUGIN
-Thanks to Eric Pratt, certbot/letsencrypt's Apache Plugin is now working well with Slackware.
-
-Here's what i use to create a certificate using port 443 for domain validation
-certbot certonly --apache --webroot-path=<DOCUMENT-ROOT> --preferred-challenges tls-sni-01 -d <DOMAIN-NAME> \
--email <ADMIN-EMAIL> --renew-by-default --agree-tos --text
-
 RENEWAL PROCESS
 Best way to automate the certificate renewal is by using cron service.
-Create a bash script in /etc/cron.monthly that does the following actions (depending on which plugin you used):
-Standalone: - turn off httpd service
-            - give some delay (2s is enough)
-            - run the same command generate the certificate to renew automatically
-            - start httpd service
-Apache Plugin: run the same command to generate the certificate to renew automatically or use
-               letsencrypt renew (it will automatically renew when the expired date is less than few weeks).
+Create a bash script in /etc/cron.monthly that does the following actions:
+  letsencrypt renew (it will automatically renew when the expired date is less than few weeks).

 RATE LIMIT
 Rate limit on registrations per IP is now 500 per 3 hours.
@ -67,9 +41,8 @@ rsa-key-size = 4096
 # Uncomment to use a text interface instead of ncurses
 # text = True

-# Uncomment to use the standalone or apache authenticator on port 443
-# authenticator = standalone / apache
-# preferred-challenges = tls-sni-01
+# Uncomment to use the apache authenticator
+# authenticator = apache

 # Uncomment to use the webroot authenticator. Replace webroot-path with the
 # path to the public_html / webroot folder being served by your web server.
--- a/system/letsencrypt/configurator.patch
+++ b/system/letsencrypt/configurator.patch
@ -0,0 +1,33 @@
+--- certbot-0.21.0/certbot-apache/certbot_apache/configurator.py.old	2018-01-19 05:16:48.965843221 +0700
+++ certbot-0.21.0/certbot-apache/certbot_apache/configurator.py	2018-01-19 05:35:24.916445040 +0700
+@@ -89,20 +89,20 @@
+     description = "Apache Web Server plugin - Beta"
+ 
+     OS_DEFAULTS = dict(
+-        server_root="/etc/apache2",
+-        vhost_root="/etc/apache2/sites-available",
+-        vhost_files="*",
+-        logs_root="/var/log/apache2",
+-        version_cmd=['apache2ctl', '-v'],
+-        apache_cmd="apache2ctl",
+-        restart_cmd=['apache2ctl', 'graceful'],
+-        conftest_cmd=['apache2ctl', 'configtest'],
+        server_root="/etc/httpd",
+        vhost_root="/etc/httpd/extra",
+        vhost_files="httpd-vhosts.conf",
+        logs_root="/var/log/httpd",
+        version_cmd=['apachectl', '-v'],
+        apache_cmd="apachectl",
+        restart_cmd=['apachectl', 'graceful'],
+        conftest_cmd=['apachectl', 'configtest'],
+         enmod=None,
+         dismod=None,
+-        le_vhost_ext="-le-ssl.conf",
+        le_vhost_ext="",
+         handle_mods=False,
+         handle_sites=False,
+-        challenge_location="/etc/apache2",
+        challenge_location="/etc/httpd",
+         MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
+             "certbot_apache", "options-ssl-apache.conf")
+     )
--- a/system/letsencrypt/letsencrypt.SlackBuild
+++ b/system/letsencrypt/letsencrypt.SlackBuild
@ -2,7 +2,7 @@

 # Slackware build script for letsencrypt

-# Copyright 2015-2017 Willy Sudiarto Raharjo <willysr@slackbuilds.org>
+# Copyright 2015-2018 Willy Sudiarto Raharjo <willysr@slackbuilds.org>
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@ -24,7 +24,7 @@

 PRGNAM=letsencrypt
 SRCNAM=certbot
-VERSION=${VERSION:-0.19.0}
+VERSION=${VERSION:-0.21.0}
 BUILD=${BUILD:-1}
 TAG=${TAG:-_SBo}

@ -73,6 +73,7 @@ find -L . \
 sed -i "/'argparse',/d" setup.py
 sed -i "/'argparse',/d" acme/setup.py
 sed -i 's/apache2ctl/apachectl/' certbot-apache/certbot_apache/constants.py
+patch -p1 < $CWD/configurator.patch

 for i in $(grep -ri /apache2 * | cut -d: -f1 | sort -u)
 do
--- a/system/letsencrypt/letsencrypt.info
+++ b/system/letsencrypt/letsencrypt.info
@ -1,10 +1,10 @@
 PRGNAM="letsencrypt"
-VERSION="0.19.0"
+VERSION="0.21.0"
 HOMEPAGE="https://letsencrypt.org/"
-DOWNLOAD="https://github.com/certbot/certbot/archive/v0.19.0/certbot-0.19.0.tar.gz"
-MD5SUM="3eeaceb7fe5b514807d8b7f4af57edc1"
+DOWNLOAD="https://github.com/certbot/certbot/archive/v0.21.0/certbot-0.21.0.tar.gz"
+MD5SUM="d95c4aca9e3e19f5c4a87975283245a4"
 DOWNLOAD_x86_64=""
 MD5SUM_x86_64=""
-REQUIRES="configobj mock python-requests pytz python2-pythondialog zope.component pyrfc3339 psutil python-parsedatetime python-configargparse werkzeug ndg_httpsclient python-augeas pyparsing"
+REQUIRES="configobj mock python-requests pytz python2-pythondialog zope.component pyrfc3339 psutil python-parsedatetime python-configargparse werkzeug ndg_httpsclient python-augeas pyparsing josepy"
 MAINTAINER="Willy Sudiarto Raharjo"
 EMAIL="willysr@slackbuilds.org"