Abyss and Let’s Encrypt (a new Certificate Authority)

 
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates
View previous topic :: View next topic  
Author Message
DavidQ
-


Joined: 28 Jan 2009
Posts: 18

PostPosted: Tue Sep 29, 2015 7:02 pm    Post subject: Abyss and Let’s Encrypt (a new Certificate Authority) Reply with quote

Hi Aprelium,

I have just heard about Let's Encrypt...

Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open. Arriving Q4 2015
https://letsencrypt.org/

...(more information below FYI) and wondered if you are aware of it and whether you might consider making Abyss automatically handle the creation, use within Abyss and renewal of their free security certificates?

It seems like it will be a good way of https securing a web site hosted in Abyss without much cost or effort.

I will look forward hearing your thoughts on this.

Thanks,

David

More information...

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG). https://letsencrypt.org/isrg/

The key principles behind Let’s Encrypt are:

Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.

Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.

Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.

Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.

Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.

Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.
Back to top View user's profile Send private message
DavidQ
-


Joined: 28 Jan 2009
Posts: 18

PostPosted: Wed Sep 30, 2015 9:39 am    Post subject: Reply with quote

I found some more information and it looks like multi-domain certificates will be available...

https://community.letsencrypt.org/t/frequently-asked-questions-faq/26
Quote:
Can I get a certificate for multiple domain names?

Yes, the same certificate can apply to several different names using the Subject Alternative Name (SAN) mechanism. The Let's Encrypt client automatically requests certificates for multiple names when requested to do so. The resulting certificates will be accepted by browsers for any of the domain names listed in them.


https://community.letsencrypt.org/t/please-support-multi-domain-ssl-certificates-like-the-ones-on-positivessl/867/4
Quote:
Please support Multi Domain SSL Certificates like...

ilp.moe
stats.ilp.moe
db.ilp.moe
b.ilp.moe
s.ilp.moe
hack.ilp.moe
im.ilp.moe
toaru-anime.tv
stats.toaru-anime.tv
im.toaru-anime.tv
toaru-music.tv
stats.toaru-music.tv
im.toaru-music.tv
toaru-pic.tv
stats.toaru-pic.tv
im.toaru-pic.tv

That list of domains will be fine for Let's Encrypt.
Back to top View user's profile Send private message
DavidQ
-


Joined: 28 Jan 2009
Posts: 18

PostPosted: Fri Jan 15, 2016 5:18 pm    Post subject: Reply with quote

Hi,

It seems that Let's Encrypt entered its public beta phase in December 2015...
https://letsencrypt.org/2015/12/03/entering-public-beta.html

I would really appreciate a reply from Aprelium to my question about the possibility of interfacing with this service from Abyss.

Thanks,

David
Back to top View user's profile Send private message
twotone
-


Joined: 18 Jun 2005
Posts: 10

PostPosted: Tue Feb 09, 2016 8:35 am    Post subject: Reply with quote

I would VERY MUCH like to use let's encrypt with Abyss. Any thoughts on Abyss support for this service. This is a first of it's kind - automatic request, signing, installation, and renewal of certificates - FOR FREE. No more expired certificates and lengthy trouble tickets to get renewals installed.
Back to top View user's profile Send private message
twotone
-


Joined: 18 Jun 2005
Posts: 10

PostPosted: Tue Feb 09, 2016 8:46 am    Post subject: Reply with quote

This guy has created a windows client for IIS.

https://community.letsencrypt.org/t/how-letsencrypt-work-for-windows-iis/2106/30

He has developed a plugin architecture for his client so plugins can be written for other servers (Such as Abyss). How about it? Anyone up to the task of coding a plugin for Abyss for this guys Let's Encrypt windows client? It's definitely beyond my abilities.
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 52

PostPosted: Fri Feb 19, 2016 11:14 am    Post subject: Reply with quote

+1

Tool for letsencrypt certicate automation for Abyss will be VERY usefull...
Back to top View user's profile Send private message
DavidQ
-


Joined: 28 Jan 2009
Posts: 18

PostPosted: Fri Mar 04, 2016 11:25 am    Post subject: Reply with quote

It's been five months since I posted this question. I also emailed and sent private messages to Aprelium and received no reply.

This makes me wonder if all is well at Aprelium. I do hope so.
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 52

PostPosted: Sat Mar 26, 2016 4:03 pm    Post subject: Reply with quote

Have serious doubts, unable to found Aprelium SARL in Tunisian commercional registry..

http://www.registre-commerce.tn
Back to top View user's profile Send private message
TRUSTAbyss
-


Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

PostPosted: Mon Mar 28, 2016 3:41 am    Post subject: Reply with quote

Have a look at this post by Aprelium
http://aprelium.com/forum/viewtopic.php?t=412403
Back to top View user's profile Send private message Visit poster's website
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Mon Mar 28, 2016 5:20 pm    Post subject: Reply with quote

lazna wrote:
Have serious doubts, unable to found Aprelium SARL in Tunisian commercional registry..

http://www.registre-commerce.tn


We doubt you did the search using the right form:

* Browse http://www.registre-commerce.tn
* Select "Personne Morale" under "Recherche" in the left panel
* In the displayed form, type "Aprelium" in "Nom commercial"
* Press the "Lancer la Rechecher" button
* You'll get a table with a single row (ours)
* Press on the "eye" icon at the right of the row
* You'll get a page with more details about the company.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Thu Mar 31, 2016 12:15 pm    Post subject: Reply with quote

DavidQ wrote:
I would really appreciate a reply from Aprelium to my question about the possibility of interfacing with this service from Abyss.


ACME protocol support is planned for version 2.12 (Q4/2016.)

ACME is the protocol used to automatically request certificates from certification authorities such as "Let's Encrypt".
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 52

PostPosted: Thu Mar 31, 2016 3:56 pm    Post subject: Reply with quote

admin wrote:
lazna wrote:
Have serious doubts, unable to found Aprelium SARL in Tunisian commercional registry..

http://www.registre-commerce.tn


We doubt you did the search using the right form:

* Browse http://www.registre-commerce.tn
* Select "Personne Morale" under "Recherche" in the left panel
* In the displayed form, type "Aprelium" in "Nom commercial"
* Press the "Lancer la Rechecher" button
* You'll get a table with a single row (ours)
* Press on the "eye" icon at the right of the row
* You'll get a page with more details about the company.


I saw this single row, but not discovered the 'eye' is clickable. Than you for step by step guide.

Glad to see my doubts about Aprelium end days are false...

L.
Back to top View user's profile Send private message
DavidQ
-


Joined: 28 Jan 2009
Posts: 18

PostPosted: Fri Apr 01, 2016 3:25 pm    Post subject: Reply with quote

admin wrote:
ACME protocol support is planned for version 2.12 (Q4/2016.)

ACME is the protocol used to automatically request certificates from certification authorities such as "Let's Encrypt".


That is really good news! I will look forward to it.
Back to top View user's profile Send private message
Lithorien
-


Joined: 20 Jun 2004
Posts: 40

PostPosted: Tue Dec 13, 2016 11:37 am    Post subject: Reply with quote

Hi there. Any word on ACME support for Let's Encrypt?
Back to top View user's profile Send private message
Lawrence
-


Joined: 16 Jan 2003
Posts: 207
Location: Brisbane, AU

PostPosted: Thu Dec 29, 2016 7:01 am    Post subject: Reply with quote

Yeah I'm pretty keen on this also, I'd very much like to secure a few pages. ^_^
Back to top View user's profile Send private message Visit poster's website ICQ Number
Daevon
-


Joined: 04 Jul 2009
Posts: 21

PostPosted: Sat Dec 31, 2016 1:59 pm    Post subject: I'd like to see it too! Reply with quote

Thanks Aprelium, and happy new year!
Back to top View user's profile Send private message
DavidQ
-


Joined: 28 Jan 2009
Posts: 18

PostPosted: Tue Feb 21, 2017 8:26 pm    Post subject: Reply with quote

It seems the planned version 2.12 release did not arrive in Q4/2016. However, I'm still really looking forward to ACME protocol support and would appreciate a progress update from Aprelium if possible.

Thanks,

David
Back to top View user's profile Send private message
pkSML
-


Joined: 29 May 2006
Posts: 952
Location: Michigan, USA

PostPosted: Thu Feb 23, 2017 2:40 am    Post subject: Reply with quote

DavidQ wrote:
It seems the planned version 2.12 release did not arrive in Q4/2016. However, I'm still really looking forward to ACME protocol support and would appreciate a progress update from Aprelium if possible.

Thanks,

David

Ditto that! Hope v. 2.12 can come soon with Let's Encrypt functionality.
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
Daevon
-


Joined: 04 Jul 2009
Posts: 21

PostPosted: Sun Feb 26, 2017 1:39 pm    Post subject: Hope Reply with quote

I too hope for that update, but I also wrote support more than a month ago and got no reply whatsoever...:(
Back to top View user's profile Send private message
Lithorien
-


Joined: 20 Jun 2004
Posts: 40

PostPosted: Fri Apr 07, 2017 11:16 pm    Post subject: Reply with quote

Just bumping this up, wondering if there's any response from the support team about ACME support?
Back to top View user's profile Send private message
Lawrence
-


Joined: 16 Jan 2003
Posts: 207
Location: Brisbane, AU

PostPosted: Thu Apr 13, 2017 1:47 am    Post subject: Reply with quote

I'm anxiously waiting for this too. Being able to support the users of my websites with some encryption seems pretty important these days.
Back to top View user's profile Send private message Visit poster's website ICQ Number
Lithorien
-


Joined: 20 Jun 2004
Posts: 40

PostPosted: Fri Apr 14, 2017 11:39 pm    Post subject: Reply with quote

Lawrence wrote:
I'm anxiously waiting for this too. Being able to support the users of my websites with some encryption seems pretty important these days.


I just re-upped for 2 years of support, I'm hoping that a little bit of money might bring them back here to see there are still some users who are willing to pay and who want to see development continue.
Back to top View user's profile Send private message
Lithorien
-


Joined: 20 Jun 2004
Posts: 40

PostPosted: Thu Jul 06, 2017 9:50 pm    Post subject: Reply with quote

Just popping in with an update request: Been a while since we've heard from Aprelium staff about how development is going. Any updates?
Back to top View user's profile Send private message
lazna
-


Joined: 16 Aug 2015
Posts: 52

PostPosted: Sun Jul 09, 2017 10:07 pm    Post subject: Reply with quote

The version 2 of ACME protocol is adding wildcard certificates for subdomains.
Back to top View user's profile Send private message
Daevon
-


Joined: 04 Jul 2009
Posts: 21

PostPosted: Tue Jul 11, 2017 1:06 pm    Post subject: any hope? Reply with quote

I wrote both to contacts and support more than 3 times in the last 14 months, and never got an answer.
Paying users like Lithorien should at least get an answer.. but since none has been given, I fear for the worst...
Back to top View user's profile Send private message
Lithorien
-


Joined: 20 Jun 2004
Posts: 40

PostPosted: Fri Aug 11, 2017 7:35 pm    Post subject: Re: any hope? Reply with quote

Daevon wrote:
I wrote both to contacts and support more than 3 times in the last 14 months, and never got an answer.

Paying users like Lithorien should at least get an answer.. but since none has been given, I fear for the worst...


I was able to get an answer through email through the priority support account, here's the relevant snippet:

Quote:
ACME is on our todo list for a future revision. HTTP/2 support is on
that same list too.

We cannot provide you with an exact ETA for that new version but we
think it could be ready before the end of 2017.


Don't give up hope!
Back to top View user's profile Send private message
pkSML
-


Joined: 29 May 2006
Posts: 952
Location: Michigan, USA

PostPosted: Sat Aug 12, 2017 4:15 am    Post subject: Reply with quote

Hey all. Just wanted to let you know I got Let's Encrypt working with Abyss on Windows! There's a little bit of rig-a-ma-roll to make it happen, but it's not too complicated.

I hope to be posting a better tutorial within a few weeks.

Steps:

  • Download Crypt-LE --> http://litlurl.net/Crypt-LE
    From the latest release, download le32.zip or le64.zip, depending on your operating system (32/64 bit).
  • Extract the zip file to a folder of your choice on your server. It must be a writable directory.
  • In your router, forward TCP port 443 to your server (like you've already done for port 80).
  • For any domain you want to get an SSL certificate, you must create two folders in the web root directory.
    Create a directory called:
    Code:
    .well-known

    Windows Explorer won't allow you to do this. The workaround is to append a period at the end of the directory name.
    For example, type in:
    Code:
    .well-known.

    Create a directory inside the .well-known directory named:
    Code:
    acme-challenge

    You should be able to navigate to YOUR_WEB_ROOT_FOLDER\.well-known\acme-challenge
    Remember: Do this for every domain you want to enable SSL for.
  • Now build your argument list for le32.exe (or le64.exe).
    Here's some code to get started with:
    Code:
    le32.exe
    -key account.key
    -email your_email@server.com
    -csr demo.go2.rip.csr
    -csr-key demo.go2.rip.key
    -crt demo.go2.rip.crt
    -domains "demo.go2.rip,www.demo.go2.rip"
    -generate-missing
    -path "c:/web_docs/demo.go2.rip/.well-known/acme-challenge/,c:/web_docs/demo.go2.rip/.well-known/acme-challenge/"

    *Change to your email address. This is an optional parameter, but it's for "email for expiration notifications".
    *The parameters key, csr, csr-key, and crt define files that will be created in the folder where le32.exe resides.
    *Note: Every time you create certificates with this program, use the same account.key file.
    *Note: You can specify several domains in the domain parameter. Make sure to put the corresponding path in the path parameter.
    The first domain corresponds to the first path and the second domain corresponds to the second path, etc.
    (In my example, the root domain and www subdomain have the same root.)
  • Take all the arguments after you've altered them (ideally in notepad), and condense them into one line.
    Copy and paste into a command prompt (right-click --> Paste) after you've navigated to the folder with le32.exe.
  • If you receive the following response on your screen, you've set up the parameters correctly:
    Code:
    2017/08/11 22:08:49 [ ZeroSSL Crypt::LE client v0.24 started. ]
    2017/08/11 22:08:49 Loading an account key from account.key
    2017/08/11 22:08:49 Loading a CSR from demo.csr
    2017/08/11 22:08:51 Registering the account key
    2017/08/11 22:08:51 The key is already registered. ID: *******
    2017/08/11 22:08:51 Current contact details: *********@gmail.com
    2017/08/11 22:08:52 Successfully saved a challenge file 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/2gsfhMM-KekeTxKp373hgOj93mjh3FT7JufPQBmL4VA' for domain 'demo.go2.rip'
    2017/08/11 22:08:52 Successfully saved a challenge file 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/7KFbbpCFhU5MveHdr60x83yWv3XcfdHYUbhqtsNavKY' for domain 'www.demo.go2.rip'
    2017/08/11 22:08:55 Domain verification results for 'demo.go2.rip': success.
    2017/08/11 22:08:55 You can now delete the 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/2gsfhMM-KekeTxKp373hgOj93mjh3FT7JufPQBmL4VA' file.
    2017/08/11 22:08:57 Domain verification results for 'www.demo.go2.rip': success.
    2017/08/11 22:08:57 You can now delete the 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/7KFbbpCFhU5MveHdr60x83yWv3XcfdHYUbhqtsNavKY' file.
    2017/08/11 22:08:57 Requesting domain certificate.
    2017/08/11 22:08:58 Requesting issuer's certificate.
    2017/08/11 22:08:58 Saving the full certificate chain to demo.go2.rip.crt.
    2017/08/11 22:08:58 ===> NOTE: You have been using the test server for this certificate. To issue a valid trusted certificate add --live option.
    2017/08/11 22:08:58 The job is done, enjoy your certificate! For feedback and bug reports contact us at [ https://ZeroSSL.com | https://Do-Know.com ]

  • Important note: This certificate is not the one you want to use!!! The second to last log entry tells us what to do next:
    Quote:
    To issue a valid trusted certificate add --live option.

  • So tack on -live to the argument list (only a single dash as the double dash is for Linux use). Adding -live will alter the .crt file.
    The command prompt should now show similar output:
    Code:
    2017/08/11 22:25:47 [ ZeroSSL Crypt::LE client v0.24 started. ]
    2017/08/11 22:25:47 Loading an account key from account.key
    2017/08/11 22:25:47 Loading a CSR from demo.go2.rip.csr
    2017/08/11 22:25:49 Registering the account key
    2017/08/11 22:25:49 The key is already registered. ID: ********
    2017/08/11 22:25:50 Successfully saved a challenge file 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/merGFw9B7azpn72vKNNJqMHh4LpS49vduhhU252vaHM' for domain 'demo.go2.rip'
    2017/08/11 22:25:50 Successfully saved a challenge file 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/1VSyuELTt10xdcYKF5l2Dp-XPY2677XaxTy-mhTyoNI' for domain 'www.demo.go2.rip'
    2017/08/11 22:25:52 Domain verification results for 'demo.go2.rip': success.
    2017/08/11 22:25:52 You can now delete the 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/merGFw9B7azpn72vKNNJqMHh4LpS49vduhhU252vaHM' file.
    2017/08/11 22:25:55 Domain verification results for 'www.demo.go2.rip': success.
    2017/08/11 22:25:55 You can now delete the 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/1VSyuELTt10xdcYKF5l2Dp-XPY2677XaxTy-mhTyoNI' file.
    2017/08/11 22:25:55 Requesting domain certificate.
    2017/08/11 22:25:55 Requesting issuer's certificate.
    2017/08/11 22:25:55 Saving the full certificate chain to demo.go2.rip.crt.
    2017/08/11 22:25:55 The job is done, enjoy your certificate! For feedback and bug reports contact us at [ https://ZeroSSL.com | https://Do-Know.com ]

  • Now that we have a full-fledged certificate file, we will now import the SSL certificate into Abyss.
    Load up the Abyss console in your browser.
  • Go to SSL/TLS Certificates.
    In the Private Keys table, click Add.
  • Create a name for this private key.
    Let's call it 'Abyss-LE' for this example.
    Set action to 'Import'.
    Under key contents, insert the contents of demo.go2.rip.key file (the one created with the -csr-key parameter).
    Click OK.
  • Under Certificates, click Add.
    Give it a name. Again, for example, let's use 'Abyss-LE'.
    Choose your 'Abyss-LE' private key.
    Set 'Type' to 'Signed by a Certification Authority (CA)'.
  • Under Main Certificate, open up demo.go2.rip.crt (the file specified in the -crt parameter).
    You'll notice there are two certificates here. Select only the first one and paste it into Main Certificate.
    The second certificate should be pasted in 'Intermediate Certificate'.
    The CA Root Certificate can be blank.
    Click OK.
    EDIT: You can just copy the ENTIRE file and dump it in the Main Certificate textbox. The result is the same and this way is easier :)
  • Now navigate to your host and click 'General'.
    Under Protocol, select HTTP+HTTPS.
    Select the certificate you created.
    Click OK.
    (If you specified other domains when you created your SSL certificate, repeat this same procedure and use the same certificate for those hosts.)
  • Restart Abyss. Now you're serving HTTP & HTTPS. Congrats!



Note: I made some minor edits with the parameters when running the LE32.exe file (forward/back slashes and trailing slashes) so that the program will function correctly.
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org


Last edited by pkSML on Tue Oct 10, 2017 4:23 am; edited 4 times in total
Back to top View user's profile Send private message Visit poster's website
pkSML
-


Joined: 29 May 2006
Posts: 952
Location: Michigan, USA

PostPosted: Sat Aug 12, 2017 4:16 am    Post subject: Reply with quote

Here's another website I've secured with HTTPS in Abyss.




These certificates are good for three months, but you can't renew before 60 days. So I'll have to give an update on how to renew properly when the time comes.

One more thing: To help with debugging, you can test your SSL setup here --> https://www.ssllabs.com/ssltest/.
I highly recommend this before asking, "What did I do wrong?" on the forums :)
And my demo scored an A rating.
(An A+ rating may create compatibility problems for more users.)

_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
Daevon
-


Joined: 04 Jul 2009
Posts: 21

PostPosted: Tue Aug 22, 2017 5:03 pm    Post subject: Thanks! Reply with quote

Thanks for the guide pkSML!
It has been really helpful.

Let's hope native ACME support comes to Abyss.. the problem with Let's Encrypt is the very short certificate life.
Sure, your procedure can be turned into a scheduled task, but things are complicated..

I'm eagerly awaiting for the next revision btw :)

Again, many thanks!
Back to top View user's profile Send private message
DavidQ
-


Joined: 28 Jan 2009
Posts: 18

PostPosted: Thu Aug 24, 2017 10:20 am    Post subject: Reply with quote

Thanks pkSML, you must have spent quite some time digging around and preparing that information. I too am still hoping Abyss will include easy to use auto-updating ACME / Let's Encrypt support in a future update.
Back to top View user's profile Send private message
pkSML
-


Joined: 29 May 2006
Posts: 952
Location: Michigan, USA

PostPosted: Tue Oct 10, 2017 4:18 am    Post subject: Reply with quote

Just a little update to this thread...

I have also secured domains on a Linux box with Let's Encrypt + Abyss. On that installation, I symlinked/soft-linked the certificate & private key files in Abyss' kcstore folder to the files that are saved by the Let's Encrypt client software. (The Linux client auto-renews, so Abyss' kcstore folder stays up to date.)

The only caveat is that Abyss has to be restarted to make use of the updated certificate, as it seems to store the contents of the kcstore folder in RAM when the server is started/restarted. (In other words: Simply restarting the server will refresh ALL the certs and keys to the current directory contents.)

In about a month, I hope to share some info on how to set up an auto-renew script for Let's Encrypt certs on Windows.
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Fri May 18, 2018 1:13 pm    Post subject: ACME/Let's Encrypt support near Beta stage Reply with quote

A new version of Abyss Web Server is in the works and nearing the Beta stage.

It will add native ACME/Let's Encrypt support (among other new capabilities)

Since this is a huge new feature, we'll welcome any help testing it. If you are interested to get the new Beta version when available, please let us know (a reply to this message or an email with a reference to this thread would suffice).

Thanks.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Lithorien
-


Joined: 20 Jun 2004
Posts: 40

PostPosted: Sat May 19, 2018 10:40 pm    Post subject: Re: ACME/Let's Encrypt support near Beta stage Reply with quote

admin wrote:
A new version of Abyss Web Server is in the works and nearing the Beta stage.

It will add native ACME/Let's Encrypt support (among other new capabilities)

Since this is a huge new feature, we'll welcome any help testing it. If you are interested to get the new Beta version when available, please let us know (a reply to this message or an email with a reference to this thread would suffice).

Thanks.


I am absolutely interested in beta testing this feature.
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Tue May 22, 2018 5:47 pm    Post subject: Re: ACME/Let's Encrypt support near Beta stage Reply with quote

Lithorien wrote:
I am absolutely interested in beta testing this feature.


Thank you for your offer to help. We will contact you as soon as the Beta will be ready.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
richardyork
-


Joined: 22 Jun 2004
Posts: 410
Location: United Kingdom

PostPosted: Sat May 26, 2018 2:24 pm    Post subject: Reply with quote

I'm also extremely interested in becoming a beta tester if possible please :)
_________________
Please SEARCH the forums BEFORE asking questions!
Back to top View user's profile Send private message
jxxaxxy
-


Joined: 11 Nov 2010
Posts: 42

PostPosted: Sun May 27, 2018 5:52 pm    Post subject: Reply with quote

I am interested in this as well!!!!
Back to top View user's profile Send private message
DavidQ
-


Joined: 28 Jan 2009
Posts: 18

PostPosted: Thu May 31, 2018 11:18 pm    Post subject: Re: ACME/Let's Encrypt support near Beta stage Reply with quote

admin wrote:
A new version of Abyss Web Server is in the works and nearing the Beta stage.

It will add native ACME/Let's Encrypt support (among other new capabilities)

Since this is a huge new feature, we'll welcome any help testing it. If you are interested to get the new Beta version when available, please let us know (a reply to this message or an email with a reference to this thread would suffice).

Thanks.


That sounds great. I'd definitely be interested in exploring the possibility of testing the Beta version.
Back to top View user's profile Send private message
TRUSTAbyss
-


Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA

PostPosted: Thu Jun 14, 2018 11:31 pm    Post subject: Reply with quote

I'd like to test the ACME/Let's Encrypt support as well. ;)
Back to top View user's profile Send private message Visit poster's website
pkSML
-


Joined: 29 May 2006
Posts: 952
Location: Michigan, USA

PostPosted: Tue Jun 19, 2018 12:20 am    Post subject: Reply with quote

I'd be happy to beta test LE also. Thanks!
_________________
Stephen
Need a LitlURL?


http://CodeBin.yi.org
Back to top View user's profile Send private message Visit poster's website
sands
-


Joined: 28 Jun 2018
Posts: 4

PostPosted: Thu Jun 28, 2018 7:40 pm    Post subject: Re: ACME/Let's Encrypt support near Beta stage Reply with quote

admin wrote:
A new version of Abyss Web Server is in the works and nearing the Beta stage.

It will add native ACME/Let's Encrypt support (among other new capabilities)

Since this is a huge new feature, we'll welcome any help testing it. If you are interested to get the new Beta version when available, please let us know (a reply to this message or an email with a reference to this thread would suffice).

Thanks.


i would like to test beta version.. thank you.
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Mon Jul 02, 2018 4:19 pm    Post subject: Re: ACME/Let's Encrypt support near Beta stage Reply with quote

Thank you all for expressing your interest in the Beta of 2.12. Things are moving forward and we're happy to point you to this mini-announce https://aprelium.com/forum/viewtopic.php?p=655187#655187 .
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
MyStereo
-


Joined: 24 Apr 2018
Posts: 2

PostPosted: Fri Dec 21, 2018 6:45 pm    Post subject: SSL for intranet sites? Reply with quote

Hi all --

I'm trying to create a Lets Encrypt certificate for a host I have running on our intranet.

Everything appeared to go fine but when I specified a host IP address the ACME-Bot said this:

Protocol error while processing the ACME order
Error creating new order :: Issuance for IP addresses not supported
(urn:ietf:params:acme:error:malformed)

When I tried it again with the name localhost it said this:

Protocol error while processing the ACME order
Order for localhost (due by 21/Dec/2018:12:22:29 -0500)
Protocol Error

I'm trying to run a custom WebDAV calendar and it really wants to use SSL for the connection so I need to get this to work if I can because it (and Chrome) doesn't like self-signed certs. I can also go into more specifics if necessary.

Thanks for any help!

MS
Back to top View user's profile Send private message
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Sat Dec 22, 2018 10:09 pm    Post subject: Re: SSL for intranet sites? Reply with quote

MyStereo wrote:

Protocol error while processing the ACME order
Error creating new order :: Issuance for IP addresses not supported
(urn:ietf:params:acme:error:malformed)


This error is reported by Let's Encrypt which does not issue certificates for IP addresses. By the way, most certification authorities have the same rule: no SSL/TLS certs for IP addresses.

Quote:

When I tried it again with the name localhost it said this:

Protocol error while processing the ACME order
Order for localhost (due by 21/Dec/2018:12:22:29 -0500)
Protocol Error


You can't issue certiticates for localhost. This is again a limitation from Let's Encrypt. But it makes sense: Let's Encrypt needs to verify that you own your domain name submitted for a free certificate. For that, it sends a challenge to ACME-bot on Abyss Web Server and it expects to contact your server from the Internet to validate the challenge.

How could it contact your localhost which is by definition only valid inside your network?

Let's Encrypt has an article about that specific issue in https://letsencrypt.org/docs/certificates-for-localhost/ and suggests that the only solution is to create a self-signed certificate.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> SSL/Certificates All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group