| View previous topic :: View next topic |
| Author |
Message |
DavidQ
-
Joined: 28 Jan 2009
Posts: 18
|
 Posted: Tue Sep 29, 2015 7:02 pm Post subject: Abyss and Let’s Encrypt (a new Certificate Authority) |
 |
|
Hi Aprelium,
I have just heard about Let's Encrypt...
Let’s Encrypt is a new Certificate Authority:
It’s free, automated, and open. Arriving Q4 2015
https://letsencrypt.org/
...(more information below FYI) and wondered if you are aware of it and whether you might consider making Abyss automatically handle the creation, use within Abyss and renewal of their free security certificates?
It seems like it will be a good way of https securing a web site hosted in Abyss without much cost or effort.
I will look forward hearing your thoughts on this.
Thanks,
David
More information...
Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG). https://letsencrypt.org/isrg/
The key principles behind Let’s Encrypt are:
Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization. |
|
| Back to top |
  |
 |
DavidQ
-
Joined: 28 Jan 2009
Posts: 18
|
| Posted: Wed Sep 30, 2015 9:39 am Post subject: |
|
|
I found some more information and it looks like multi-domain certificates will be available...
https://community.letsencrypt.org/t/frequently-asked-questions-faq/26
| Quote: | Can I get a certificate for multiple domain names?
Yes, the same certificate can apply to several different names using the Subject Alternative Name (SAN) mechanism. The Let's Encrypt client automatically requests certificates for multiple names when requested to do so. The resulting certificates will be accepted by browsers for any of the domain names listed in them. |
https://community.letsencrypt.org/t/please-support-multi-domain-ssl-certificates-like-the-ones-on-positivessl/867/4
| Quote: | Please support Multi Domain SSL Certificates like...
ilp.moe
stats.ilp.moe
db.ilp.moe
b.ilp.moe
s.ilp.moe
hack.ilp.moe
im.ilp.moe
toaru-anime.tv
stats.toaru-anime.tv
im.toaru-anime.tv
toaru-music.tv
stats.toaru-music.tv
im.toaru-music.tv
toaru-pic.tv
stats.toaru-pic.tv
im.toaru-pic.tv
That list of domains will be fine for Let's Encrypt. |
|
|
| Back to top |
|
|
DavidQ
-
Joined: 28 Jan 2009
Posts: 18
|
| Posted: Fri Jan 15, 2016 5:18 pm Post subject: |
|
|
Hi,
It seems that Let's Encrypt entered its public beta phase in December 2015...
https://letsencrypt.org/2015/12/03/entering-public-beta.html
I would really appreciate a reply from Aprelium to my question about the possibility of interfacing with this service from Abyss.
Thanks,
David |
|
| Back to top |
|
|
twotone
-
Joined: 18 Jun 2005
Posts: 10
|
| Posted: Tue Feb 09, 2016 8:35 am Post subject: |
|
|
| I would VERY MUCH like to use let's encrypt with Abyss. Any thoughts on Abyss support for this service. This is a first of it's kind - automatic request, signing, installation, and renewal of certificates - FOR FREE. No more expired certificates and lengthy trouble tickets to get renewals installed. |
|
| Back to top |
|
|
twotone
-
Joined: 18 Jun 2005
Posts: 10
|
| Posted: Tue Feb 09, 2016 8:46 am Post subject: |
|
|
This guy has created a windows client for IIS.
https://community.letsencrypt.org/t/how-letsencrypt-work-for-windows-iis/2106/30
He has developed a plugin architecture for his client so plugins can be written for other servers (Such as Abyss). How about it? Anyone up to the task of coding a plugin for Abyss for this guys Let's Encrypt windows client? It's definitely beyond my abilities. |
|
| Back to top |
|
|
lazna
-
Joined: 16 Aug 2015
Posts: 52
|
| Posted: Fri Feb 19, 2016 11:14 am Post subject: |
|
|
+1
Tool for letsencrypt certicate automation for Abyss will be VERY usefull... |
|
| Back to top |
|
|
DavidQ
-
Joined: 28 Jan 2009
Posts: 18
|
| Posted: Fri Mar 04, 2016 11:25 am Post subject: |
|
|
It's been five months since I posted this question. I also emailed and sent private messages to Aprelium and received no reply.
This makes me wonder if all is well at Aprelium. I do hope so. |
|
| Back to top |
|
|
lazna
-
Joined: 16 Aug 2015
Posts: 52
|
| Posted: Sat Mar 26, 2016 4:03 pm Post subject: |
|
|
Have serious doubts, unable to found Aprelium SARL in Tunisian commercional registry..
http://www.registre-commerce.tn |
|
| Back to top |
|
|
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
|
| Back to top |
 |
|
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1286
|
| Posted: Mon Mar 28, 2016 5:20 pm Post subject: |
|
|
We doubt you did the search using the right form:
* Browse http://www.registre-commerce.tn
* Select "Personne Morale" under "Recherche" in the left panel
* In the displayed form, type "Aprelium" in "Nom commercial"
* Press the "Lancer la Rechecher" button
* You'll get a table with a single row (ours)
* Press on the "eye" icon at the right of the row
* You'll get a page with more details about the company.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
|
|
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1286
|
| Posted: Thu Mar 31, 2016 12:15 pm Post subject: |
|
|
| DavidQ wrote: | | I would really appreciate a reply from Aprelium to my question about the possibility of interfacing with this service from Abyss. |
ACME protocol support is planned for version 2.12 (Q4/2016.)
ACME is the protocol used to automatically request certificates from certification authorities such as "Let's Encrypt".
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
|
|
lazna
-
Joined: 16 Aug 2015
Posts: 52
|
| Posted: Thu Mar 31, 2016 3:56 pm Post subject: |
|
|
| admin wrote: |
We doubt you did the search using the right form:
* Browse http://www.registre-commerce.tn
* Select "Personne Morale" under "Recherche" in the left panel
* In the displayed form, type "Aprelium" in "Nom commercial"
* Press the "Lancer la Rechecher" button
* You'll get a table with a single row (ours)
* Press on the "eye" icon at the right of the row
* You'll get a page with more details about the company. |
I saw this single row, but not discovered the 'eye' is clickable. Than you for step by step guide.
Glad to see my doubts about Aprelium end days are false...
L. |
|
| Back to top |
|
|
DavidQ
-
Joined: 28 Jan 2009
Posts: 18
|
| Posted: Fri Apr 01, 2016 3:25 pm Post subject: |
|
|
| admin wrote: | ACME protocol support is planned for version 2.12 (Q4/2016.)
ACME is the protocol used to automatically request certificates from certification authorities such as "Let's Encrypt". |
That is really good news! I will look forward to it. |
|
| Back to top |
|
|
Lithorien
-
Joined: 20 Jun 2004
Posts: 38
|
| Posted: Tue Dec 13, 2016 11:37 am Post subject: |
|
|
| Hi there. Any word on ACME support for Let's Encrypt? |
|
| Back to top |
|
|
Lawrence
-
Joined: 16 Jan 2003
Posts: 207
Location: Brisbane, AU
|
| Posted: Thu Dec 29, 2016 7:01 am Post subject: |
|
|
| Yeah I'm pretty keen on this also, I'd very much like to secure a few pages. ^_^ |
|
| Back to top |
 |
|
Daevon
-
Joined: 04 Jul 2009
Posts: 21
|
| Posted: Sat Dec 31, 2016 1:59 pm Post subject: I'd like to see it too! |
|
|
| Thanks Aprelium, and happy new year! |
|
| Back to top |
|
|
DavidQ
-
Joined: 28 Jan 2009
Posts: 18
|
| Posted: Tue Feb 21, 2017 8:26 pm Post subject: |
|
|
It seems the planned version 2.12 release did not arrive in Q4/2016. However, I'm still really looking forward to ACME protocol support and would appreciate a progress update from Aprelium if possible.
Thanks,
David |
|
| Back to top |
|
|
pkSML
-
Joined: 29 May 2006
Posts: 951
Location: Michigan, USA
|
| Posted: Thu Feb 23, 2017 2:40 am Post subject: |
|
|
| DavidQ wrote: | It seems the planned version 2.12 release did not arrive in Q4/2016. However, I'm still really looking forward to ACME protocol support and would appreciate a progress update from Aprelium if possible.
Thanks,
David |
Ditto that! Hope v. 2.12 can come soon with Let's Encrypt functionality.
_________________
Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
| Back to top |
|
|
Daevon
-
Joined: 04 Jul 2009
Posts: 21
|
| Posted: Sun Feb 26, 2017 1:39 pm Post subject: Hope |
|
|
| I too hope for that update, but I also wrote support more than a month ago and got no reply whatsoever...:( |
|
| Back to top |
|
|
Lithorien
-
Joined: 20 Jun 2004
Posts: 38
|
| Posted: Fri Apr 07, 2017 11:16 pm Post subject: |
|
|
| Just bumping this up, wondering if there's any response from the support team about ACME support? |
|
| Back to top |
|
|
Lawrence
-
Joined: 16 Jan 2003
Posts: 207
Location: Brisbane, AU
|
| Posted: Thu Apr 13, 2017 1:47 am Post subject: |
|
|
| I'm anxiously waiting for this too. Being able to support the users of my websites with some encryption seems pretty important these days. |
|
| Back to top |
|
|
Lithorien
-
Joined: 20 Jun 2004
Posts: 38
|
| Posted: Fri Apr 14, 2017 11:39 pm Post subject: |
|
|
| Lawrence wrote: | | I'm anxiously waiting for this too. Being able to support the users of my websites with some encryption seems pretty important these days. |
I just re-upped for 2 years of support, I'm hoping that a little bit of money might bring them back here to see there are still some users who are willing to pay and who want to see development continue. |
|
| Back to top |
|
|
Lithorien
-
Joined: 20 Jun 2004
Posts: 38
|
| Posted: Thu Jul 06, 2017 9:50 pm Post subject: |
|
|
| Just popping in with an update request: Been a while since we've heard from Aprelium staff about how development is going. Any updates? |
|
| Back to top |
|
|
lazna
-
Joined: 16 Aug 2015
Posts: 52
|
| Posted: Sun Jul 09, 2017 10:07 pm Post subject: |
|
|
| The version 2 of ACME protocol is adding wildcard certificates for subdomains. |
|
| Back to top |
|
|
Daevon
-
Joined: 04 Jul 2009
Posts: 21
|
| Posted: Tue Jul 11, 2017 1:06 pm Post subject: any hope? |
|
|
I wrote both to contacts and support more than 3 times in the last 14 months, and never got an answer.
Paying users like Lithorien should at least get an answer.. but since none has been given, I fear for the worst... |
|
| Back to top |
|
|
Lithorien
-
Joined: 20 Jun 2004
Posts: 38
|
| Posted: Fri Aug 11, 2017 7:35 pm Post subject: Re: any hope? |
|
|
| Daevon wrote: | I wrote both to contacts and support more than 3 times in the last 14 months, and never got an answer.
Paying users like Lithorien should at least get an answer.. but since none has been given, I fear for the worst... |
I was able to get an answer through email through the priority support account, here's the relevant snippet:
| Quote: | ACME is on our todo list for a future revision. HTTP/2 support is on
that same list too.
We cannot provide you with an exact ETA for that new version but we
think it could be ready before the end of 2017. |
Don't give up hope! |
|
| Back to top |
|
|
pkSML
-
Joined: 29 May 2006
Posts: 951
Location: Michigan, USA
|
| Posted: Sat Aug 12, 2017 4:15 am Post subject: |
|
|
Hey all. Just wanted to let you know I got Let's Encrypt working with Abyss on Windows! There's a little bit of rig-a-ma-roll to make it happen, but it's not too complicated.
I hope to be posting a better tutorial within a few weeks.
Steps:
- Download Crypt-LE --> http://litlurl.net/Crypt-LE
From the latest release, download le32.zip or le64.zip, depending on your operating system (32/64 bit).
- Extract the zip file to a folder of your choice on your server. It must be a writable directory.
- In your router, forward TCP port 443 to your server (like you've already done for port 80).
- For any domain you want to get an SSL certificate, you must create two folders in the web root directory.
Create a directory called:
Windows Explorer won't allow you to do this. The workaround is to append a period at the end of the directory name.
For example, type in:
Create a directory inside the .well-known directory named:
You should be able to navigate to YOUR_WEB_ROOT_FOLDER\.well-known\acme-challenge
Remember: Do this for every domain you want to enable SSL for.
Now build your argument list for le32.exe (or le64.exe).
Here's some code to get started with:
| Code: | le32.exe
-key account.key
-email your_email@server.com
-csr demo.go2.rip.csr
-csr-key demo.go2.rip.key
-crt demo.go2.rip.crt
-domains "demo.go2.rip,www.demo.go2.rip"
-generate-missing
-path "c:/web_docs/demo.go2.rip/.well-known/acme-challenge/,c:/web_docs/demo.go2.rip/.well-known/acme-challenge/"
|
*Change to your email address. This is an optional parameter, but it's for "email for expiration notifications".
*The parameters key, csr, csr-key, and crt define files that will be created in the folder where le32.exe resides.
*Note: Every time you create certificates with this program, use the same account.key file.
*Note: You can specify several domains in the domain parameter. Make sure to put the corresponding path in the path parameter.
The first domain corresponds to the first path and the second domain corresponds to the second path, etc.
(In my example, the root domain and www subdomain have the same root.)
Take all the arguments after you've altered them (ideally in notepad), and condense them into one line.
Copy and paste into a command prompt (right-click --> Paste) after you've navigated to the folder with le32.exe.
If you receive the following response on your screen, you've set up the parameters correctly:
| Code: | 2017/08/11 22:08:49 [ ZeroSSL Crypt::LE client v0.24 started. ]
2017/08/11 22:08:49 Loading an account key from account.key
2017/08/11 22:08:49 Loading a CSR from demo.csr
2017/08/11 22:08:51 Registering the account key
2017/08/11 22:08:51 The key is already registered. ID: *******
2017/08/11 22:08:51 Current contact details: *********@gmail.com
2017/08/11 22:08:52 Successfully saved a challenge file 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/2gsfhMM-KekeTxKp373hgOj93mjh3FT7JufPQBmL4VA' for domain 'demo.go2.rip'
2017/08/11 22:08:52 Successfully saved a challenge file 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/7KFbbpCFhU5MveHdr60x83yWv3XcfdHYUbhqtsNavKY' for domain 'www.demo.go2.rip'
2017/08/11 22:08:55 Domain verification results for 'demo.go2.rip': success.
2017/08/11 22:08:55 You can now delete the 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/2gsfhMM-KekeTxKp373hgOj93mjh3FT7JufPQBmL4VA' file.
2017/08/11 22:08:57 Domain verification results for 'www.demo.go2.rip': success.
2017/08/11 22:08:57 You can now delete the 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/7KFbbpCFhU5MveHdr60x83yWv3XcfdHYUbhqtsNavKY' file.
2017/08/11 22:08:57 Requesting domain certificate.
2017/08/11 22:08:58 Requesting issuer's certificate.
2017/08/11 22:08:58 Saving the full certificate chain to demo.go2.rip.crt.
2017/08/11 22:08:58 ===> NOTE: You have been using the test server for this certificate. To issue a valid trusted certificate add --live option.
2017/08/11 22:08:58 The job is done, enjoy your certificate! For feedback and bug reports contact us at [ https://ZeroSSL.com | https://Do-Know.com ] |
Important note: This certificate is not the one you want to use!!! The second to last log entry tells us what to do next:
| Quote: | | To issue a valid trusted certificate add --live option. |
So tack on -live to the argument list (only a single dash as the double dash is for Linux use). Adding -live will alter the .crt file.
The command prompt should now show similar output:
| Code: | 2017/08/11 22:25:47 [ ZeroSSL Crypt::LE client v0.24 started. ]
2017/08/11 22:25:47 Loading an account key from account.key
2017/08/11 22:25:47 Loading a CSR from demo.go2.rip.csr
2017/08/11 22:25:49 Registering the account key
2017/08/11 22:25:49 The key is already registered. ID: ********
2017/08/11 22:25:50 Successfully saved a challenge file 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/merGFw9B7azpn72vKNNJqMHh4LpS49vduhhU252vaHM' for domain 'demo.go2.rip'
2017/08/11 22:25:50 Successfully saved a challenge file 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/1VSyuELTt10xdcYKF5l2Dp-XPY2677XaxTy-mhTyoNI' for domain 'www.demo.go2.rip'
2017/08/11 22:25:52 Domain verification results for 'demo.go2.rip': success.
2017/08/11 22:25:52 You can now delete the 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/merGFw9B7azpn72vKNNJqMHh4LpS49vduhhU252vaHM' file.
2017/08/11 22:25:55 Domain verification results for 'www.demo.go2.rip': success.
2017/08/11 22:25:55 You can now delete the 'c:\web_docs\demo.go2.rip\.well-known\acme-challenge/1VSyuELTt10xdcYKF5l2Dp-XPY2677XaxTy-mhTyoNI' file.
2017/08/11 22:25:55 Requesting domain certificate.
2017/08/11 22:25:55 Requesting issuer's certificate.
2017/08/11 22:25:55 Saving the full certificate chain to demo.go2.rip.crt.
2017/08/11 22:25:55 The job is done, enjoy your certificate! For feedback and bug reports contact us at [ https://ZeroSSL.com | https://Do-Know.com ] |
Now that we have a full-fledged certificate file, we will now import the SSL certificate into Abyss.
Load up the Abyss console in your browser.
Go to SSL/TLS Certificates.
In the Private Keys table, click Add.
Create a name for this private key.
Let's call it 'Abyss-LE' for this example.
Set action to 'Import'.
Under key contents, insert the contents of demo.go2.rip.key file (the one created with the -csr-key parameter).
Click OK.
Under Certificates, click Add.
Give it a name. Again, for example, let's use 'Abyss-LE'.
Choose your 'Abyss-LE' private key.
Set 'Type' to 'Signed by a Certification Authority (CA)'.
Under Main Certificate, open up demo.go2.rip.crt (the file specified in the -crt parameter).
You'll notice there are two certificates here. Select only the first one and paste it into Main Certificate.
The second certificate should be pasted in 'Intermediate Certificate'.
The CA Root Certificate can be blank.
Click OK.
EDIT: You can just copy the ENTIRE file and dump it in the Main Certificate textbox. The result is the same and this way is easier :)
Now navigate to your host and click 'General'.
Under Protocol, select HTTP+HTTPS.
Select the certificate you created.
Click OK.
(If you specified other domains when you created your SSL certificate, repeat this same procedure and use the same certificate for those hosts.)
Restart Abyss. Now you're serving HTTP & HTTPS. Congrats!
Note: I made some minor edits with the parameters when running the LE32.exe file (forward/back slashes and trailing slashes) so that the program will function correctly.
_________________
Stephen
Need a LitlURL?
http://CodeBin.yi.org
Last edited by pkSML on Tue Oct 10, 2017 4:23 am; edited 4 times in total |
|
| Back to top |
|
|
pkSML
-
Joined: 29 May 2006
Posts: 951
Location: Michigan, USA
|
| Posted: Sat Aug 12, 2017 4:16 am Post subject: |
|
|
Here's another website I've secured with HTTPS in Abyss.
These certificates are good for three months, but you can't renew before 60 days. So I'll have to give an update on how to renew properly when the time comes.
One more thing: To help with debugging, you can test your SSL setup here --> https://www.ssllabs.com/ssltest/.
I highly recommend this before asking, "What did I do wrong?" on the forums :)
And my demo scored an A rating.
(An A+ rating may create compatibility problems for more users.)
_________________
Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
| Back to top |
|
|
Daevon
-
Joined: 04 Jul 2009
Posts: 21
|
| Posted: Tue Aug 22, 2017 5:03 pm Post subject: Thanks! |
|
|
Thanks for the guide pkSML!
It has been really helpful.
Let's hope native ACME support comes to Abyss.. the problem with Let's Encrypt is the very short certificate life.
Sure, your procedure can be turned into a scheduled task, but things are complicated..
I'm eagerly awaiting for the next revision btw :)
Again, many thanks! |
|
| Back to top |
|
|
DavidQ
-
Joined: 28 Jan 2009
Posts: 18
|
| Posted: Thu Aug 24, 2017 10:20 am Post subject: |
|
|
| Thanks pkSML, you must have spent quite some time digging around and preparing that information. I too am still hoping Abyss will include easy to use auto-updating ACME / Let's Encrypt support in a future update. |
|
| Back to top |
|
|
pkSML
-
Joined: 29 May 2006
Posts: 951
Location: Michigan, USA
|
| Posted: Tue Oct 10, 2017 4:18 am Post subject: |
|
|
Just a little update to this thread...
I have also secured domains on a Linux box with Let's Encrypt + Abyss. On that installation, I symlinked/soft-linked the certificate & private key files in Abyss' kcstore folder to the files that are saved by the Let's Encrypt client software. (The Linux client auto-renews, so Abyss' kcstore folder stays up to date.)
The only caveat is that Abyss has to be restarted to make use of the updated certificate, as it seems to store the contents of the kcstore folder in RAM when the server is started/restarted. (In other words: Simply restarting the server will refresh ALL the certs and keys to the current directory contents.)
In about a month, I hope to share some info on how to set up an auto-renew script for Let's Encrypt certs on Windows.
_________________
Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
| Back to top |
|
|
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1286
|
| Posted: Fri May 18, 2018 1:13 pm Post subject: ACME/Let's Encrypt support near Beta stage |
|
|
A new version of Abyss Web Server is in the works and nearing the Beta stage.
It will add native ACME/Let's Encrypt support (among other new capabilities)
Since this is a huge new feature, we'll welcome any help testing it. If you are interested to get the new Beta version when available, please let us know (a reply to this message or an email with a reference to this thread would suffice).
Thanks.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
|
|
Lithorien
-
Joined: 20 Jun 2004
Posts: 38
|
| Posted: Sat May 19, 2018 10:40 pm Post subject: Re: ACME/Let's Encrypt support near Beta stage |
|
|
| admin wrote: | A new version of Abyss Web Server is in the works and nearing the Beta stage.
It will add native ACME/Let's Encrypt support (among other new capabilities)
Since this is a huge new feature, we'll welcome any help testing it. If you are interested to get the new Beta version when available, please let us know (a reply to this message or an email with a reference to this thread would suffice).
Thanks. |
I am absolutely interested in beta testing this feature. |
|
| Back to top |
|
|
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1286
|
| Posted: Tue May 22, 2018 5:47 pm Post subject: Re: ACME/Let's Encrypt support near Beta stage |
|
|
| Lithorien wrote: | | I am absolutely interested in beta testing this feature. |
Thank you for your offer to help. We will contact you as soon as the Beta will be ready.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
|
|
richardyork
-
Joined: 22 Jun 2004
Posts: 410
Location: United Kingdom
|
| Posted: Sat May 26, 2018 2:24 pm Post subject: |
|
|
I'm also extremely interested in becoming a beta tester if possible please :)
_________________
Please SEARCH the forums BEFORE asking questions! |
|
| Back to top |
|
|
jxxaxxy
-
Joined: 11 Nov 2010
Posts: 42
|
| Posted: Sun May 27, 2018 5:52 pm Post subject: |
|
|
| I am interested in this as well!!!! |
|
| Back to top |
|
|
DavidQ
-
Joined: 28 Jan 2009
Posts: 18
|
| Posted: Thu May 31, 2018 11:18 pm Post subject: Re: ACME/Let's Encrypt support near Beta stage |
|
|
| admin wrote: | A new version of Abyss Web Server is in the works and nearing the Beta stage.
It will add native ACME/Let's Encrypt support (among other new capabilities)
Since this is a huge new feature, we'll welcome any help testing it. If you are interested to get the new Beta version when available, please let us know (a reply to this message or an email with a reference to this thread would suffice).
Thanks. |
That sounds great. I'd definitely be interested in exploring the possibility of testing the Beta version. |
|
| Back to top |
|
|
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
| Posted: Thu Jun 14, 2018 11:31 pm Post subject: |
|
|
| I'd like to test the ACME/Let's Encrypt support as well. ;) |
|
| Back to top |
|
|
pkSML
-
Joined: 29 May 2006
Posts: 951
Location: Michigan, USA
|
| Posted: Tue Jun 19, 2018 12:20 am Post subject: |
|
|
I'd be happy to beta test LE also. Thanks!
_________________
Stephen
Need a LitlURL?
http://CodeBin.yi.org |
|
| Back to top |
|
|
sands
-
Joined: 28 Jun 2018
Posts: 4
|
| Posted: Thu Jun 28, 2018 7:40 pm Post subject: Re: ACME/Let's Encrypt support near Beta stage |
|
|
| admin wrote: | A new version of Abyss Web Server is in the works and nearing the Beta stage.
It will add native ACME/Let's Encrypt support (among other new capabilities)
Since this is a huge new feature, we'll welcome any help testing it. If you are interested to get the new Beta version when available, please let us know (a reply to this message or an email with a reference to this thread would suffice).
Thanks. |
i would like to test beta version.. thank you. |
|
| Back to top |
|
|
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1286
|
|
| Back to top |
|
|
MyStereo
-
Joined: 24 Apr 2018
Posts: 2
|
| Posted: Fri Dec 21, 2018 6:45 pm Post subject: SSL for intranet sites? |
|
|
Hi all --
I'm trying to create a Lets Encrypt certificate for a host I have running on our intranet.
Everything appeared to go fine but when I specified a host IP address the ACME-Bot said this:
Protocol error while processing the ACME order
Error creating new order :: Issuance for IP addresses not supported
(urn:ietf:params:acme:error:malformed)
When I tried it again with the name localhost it said this:
Protocol error while processing the ACME order
Order for localhost (due by 21/Dec/2018:12:22:29 -0500)
Protocol Error
I'm trying to run a custom WebDAV calendar and it really wants to use SSL for the connection so I need to get this to work if I can because it (and Chrome) doesn't like self-signed certs. I can also go into more specifics if necessary.
Thanks for any help!
MS |
|
| Back to top |
|
|
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1286
|
| Posted: Sat Dec 22, 2018 10:09 pm Post subject: Re: SSL for intranet sites? |
|
|
| MyStereo wrote: |
Protocol error while processing the ACME order
Error creating new order :: Issuance for IP addresses not supported
(urn:ietf:params:acme:error:malformed)
|
This error is reported by Let's Encrypt which does not issue certificates for IP addresses. By the way, most certification authorities have the same rule: no SSL/TLS certs for IP addresses.
| Quote: |
When I tried it again with the name localhost it said this:
Protocol error while processing the ACME order
Order for localhost (due by 21/Dec/2018:12:22:29 -0500)
Protocol Error
|
You can't issue certiticates for localhost. This is again a limitation from Let's Encrypt. But it makes sense: Let's Encrypt needs to verify that you own your domain name submitted for a free certificate. For that, it sends a challenge to ACME-bot on Abyss Web Server and it expects to contact your server from the Internet to validate the challenge.
How could it contact your localhost which is by definition only valid inside your network?
Let's Encrypt has an article about that specific issue in https://letsencrypt.org/docs/certificates-for-localhost/ and suggests that the only solution is to create a self-signed certificate.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
| Back to top |
|
|
|
@abyssws