199 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Open Source Contribution
Fri, Jun 16th 2017 6
Docker Quick Tips
Fri, Apr 28th 2017 2
Notes in 9: Dev Tools Grab Bg
Tue, Apr 4th 2017 0
Custom JSON Serialization With GSON
Mon, Jan 23rd 2017 3
Recapping 2016
Mon, Jan 16th 2017 8
Rebirth: An App of Ice and Fire
Wed, Dec 14th 2016 4
Scripting Server Upgrades
Fri, Nov 11th 2016 7
Top 10
Building Java Objects From JSON
Thu, Jan 22nd 2015 16
Miscellanea
Tue, Oct 6th 2015 8
Recapping 2016
Mon, Jan 16th 2017 8
Something I Overheard at MWLUG
Mon, Aug 31st 2015 7
Scripting Server Upgrades
Fri, Nov 11th 2016 7
SCM Survey Results
Tue, Apr 12th 2016 6
Site Anchors
Wed, Jun 1st 2016 6
Open Source Contribution
Fri, Jun 16th 2017 6
Server REST Consumption with Authentication
Mon, Aug 18th 2014 5
Consistent Multi-Value Formatting
Mon, Aug 11th 2014 5


Manually Renewing HTTPS w/ Let's Encrypt
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   

Intro

A while back, I rolled a personal project, which is a Node app, to Bluemix for lightweight use. I managed to make use of Let’s Encrypt for the HTTPS certificate, but only after realizing that there was a bit of a manual aspect to it that is the antithesis of an automated script for such things. Ultimately, after finding some information in a blog post form Marky Roden (of all people), I was able to get moving. The only downside wound up being that time passed, and it came time to renew the certificate before my 90 days was up. Thankfully, I had done some minor documenting of the steps I took, which made updating the HTTPS certificate a bit easier. What follows is some of how I configured my application for easier implementation.

The .well-known/acme-challenge Route

As part of the validation process, the Let’s Encrypt / certbot script needs to “call home” to verify your server is who it claims. The exact command I ran with certbot-auto followed the format of:


*note: you can add --dry-run to the end to… perform a “dry run”

Here’s what it looks like when I ran the certbot-auto script:


Marky’s example shows handle established in his Node + Express app, providing a response on the given relative path of <domain>/.well-known/acme-challenge/<uuid-string>. This is something that would require manual updating of the code base, so it’s naturally the first thing I removed. This was a perfect job for a pair of environment variables, in my opinion. I implemented it in the code as such:


This means that so long as my Node app can resove the LETS_ENCRYPT_ROUTE and LETS_ENCRYPT_VERIFICATION values accordingly, I’m in business. This is done rather easily via the “Environment Variables” page of my application’s dashboard, in the “user defined” tab.


Once this is all done, you can replace the certificates for the custom domain with the freshly generated certificates. I added my certificate files (.pem) as the screen shot shows and it looks good in both the Bluemix dashboard and my Chrome inspector.




Sequence of Events

Generally speaking, the order of events to take are:

  • ensure you have the certbot script on the machine you’ll be generating the certificates on
  • ensure your custom domain is set up
  • log into your Bluemix dashboard and go to your environment variables to update with values from the certbot script
  • run the certbot script, obtain the values for the URL path and the response value
  • enter those as the corresponding environment variables (allow for the app to restart, as needed)
  • continue the certbot script, which should now successfully validate

One Hiccup

A strange hiccup I encountered was what I believe to be a false positive in regards to my deletion of the existing (old) certificate. After a few tries, or a minor passage of time, it all rectified itself.


Thoughts

Since Let’s Encrypt is now by all regards widely successful, with over 5 million certificates issued, I can’t help but wonder how easy this should be on any modern PaaS, such as Bluemix. Gone are the days of needing to pay lots of money for an HTTPS certificate, so the automation, configuration, and management of HTTPS certificates on behalf of the user should be a minor formality, not to mention useful. Do note, Bluemix does have a wild card HTTPS certificate which applies to any of its .mybluemix.net addresses, so this is unique to custom domains.


One Last Call For MWLUG

MWLUG 2016 is nearly here. If you’re able to, I really recommend coming to the event, as there are a great many people with a passion for what they do, who are looking to share. It’s been a great event each time I’ve had the pleasure to attend and I’m glad to be going back, and speaking.

You can find me on Friday, the 19th of August, in Ballroom D, from 1:30pm - 2:30pm. It’s my aim to expand a bit on the theme I’ve settled on over the last year, which is a combination of best practices for stability, maintenance, and documentation, along with the incorporation of front-end tooling to enhance the developer’s workflow (full abstract below) and ease the task of multi-platform development capabilities. I hope to see you there! :beers:

BP101: A Modernized Developer’s Workflow with Domino/XPages

Watch, listen, and feel free to follow-along with a full-stack approach to how to build better applications with Domino/XPages, MVC principles in action in the back-end, RESTful API creation, along with advanced framework implementation in the front-end, with advanced tooling to help automate our coding process, unit tests, and even the ability to mock the back-end for front-end development outside of Domino Designer. This session seeks to help developers advance their workflow and produce higher quality, more performant and optimized applications with the Domino server they already have and the modern front-end tooling they want to incorporate.



---------------------
https://edm00se.io/self-promotion/manual-lets-encrypt-renewal-made-easier/
Jul 27, 2016
4 hits



Recent Blog Posts
6
Open Source Contribution
Fri, Jun 16th 2017 5:00p   Eric McCormick
Intro It’s time to clear some of the backlog. I started this post a few months back and it should probably be sent on its way to clear the pile of drafts I haven’t finished yet… 🤔 I have a bit of a passion for open source software. My preferred distribution of Linux has been Ubuntu since 4.10, the Warty Warthog (I was even a minor contributor on a short lived, wildly popular project that aimed at improving the Ubuntu experience early on), I’ve enjoyed most open source projects I’ve
2
Docker Quick Tips
Fri, Apr 28th 2017 3:00p   Eric McCormick
Docker If you have been living under a rock, Docker is pretty much amazing. If you haven’t been living under a rock, you may be getting used to the idea of Docker, but still have the occasional question. I’ve found myself using Docker in increasing amounts and complexity over the last year or so. I’ve recently decided to start recording some of the tasks I’ve found useful, some of which may be less familiar to a beginner. If you’re so inclined, check out the playlist, embedded here.
0
Notes in 9: Dev Tools Grab Bg
Tue, Apr 4th 2017 1:00p   Eric McCormick
Intro I’m on Notes in 9 again, with a “grab bag” of a couple of tools I’ve put together recently that may be of a varying degree of useful for other Domino + XPages developers. You don’t need these to do development, but for the right person, they may help with their development workflow. Also of note, with the upgrade to Swiper with the FP8 release of Notes + Domino Designer, the limitations previously mentioned are no longer there! This means that my second tool I talked about, node-
3
Custom JSON Serialization With GSON
Mon, Jan 23rd 2017 2:00p   Eric McCormick
Intro Here’s a curious one, in which I found myself with a limitation of not being able to output JSON with scientific notation values. wait, what? If you’re wondering why that is, since both JSON and JavaScript allow scientific notation of number values, you are absolutely correct and that’s a great question. The strange thing was that I found myself outputting perfectly valid JSON to be consumed by something specific which didn’t allow scientific notation. I’m not entirely sure wh
8
Recapping 2016
Mon, Jan 16th 2017 3:00p   Eric McCormick
Intro Per usual, I’ve had a little break between things and decided to catch up with a bit of a summary of some recent things that each didn’t necessitate their own post. 2017 IBM Champion For starters, I’m honored to be named an IBM Champion in Collaboration Solutions (/ Social Business) for the third time. This would be a hat trick in (ice) hockey 🏒. I’m happy to be recognized with a group of people, developers and more, who are passionate about both their work and the plat
4
Rebirth: An App of Ice and Fire
Wed, Dec 14th 2016 4:00p   Eric McCormick
Intro If you read my blog for any of the Saga of Servlets series, then I hope that you’re excited I’m returning to the application I put together for it. This time, it’s as a conversation piece in regards to some of the build process modernization I engaged in recently, in order to unify the code base in its git repository. In any case, it’s helping pave the way forward before I update some of the back-end elements, when it will again be a talking point for some additional rework and
7
Scripting Server Upgrades
Fri, Nov 11th 2016 2:00p   Eric McCormick
Intro This one might be slight departure from my usual, but those that have followed my blogging this past year will have noticed a bit more of a leaning towards DevOps in some of my posts. This echoes a lot of what I’ve been concluding as increasingly a necessary part of development; that we need to consider a picture large enough to encompass the themes surrounding development functions and, like any good developer (DRY ~= “lazy”), automate the heck out of it. Overview I had p
0
Everything Old is New Again
Mon, Oct 24th 2016 8:00p   Eric McCormick
Intro Every so often, it’s good to reassess one’s position. This is good from both a standpoint of being inquisitive and even interrogative, but when it comes to the ever changing landscape of the front-end development space, it’s not only inevitable, but must be embraced for what feels the need to “stay afloat”. I’m changing theme of my blog, hopefully for the better. The previous theme was good and did a great job of getting things started, but while I had forked a copy of a good
1
Git Squash
Thu, Oct 20th 2016 8:00a   Eric McCormick
Intro If you’re just here to learn a little about how to “squash” commits with git, skip down a ways. Otherwise, hold on, and I will catch you up on a couple of personal notes before we get there. On the Blog It’s been a little while since I blogged last. This has been due to a combination of reasons; specifically, I’ve been busy with: my family, it was the end of summer with lots of things going on a number of projects around the house (a deck removal and basement remodel
3
MWLUG Success
Wed, Aug 24th 2016 8:37a   Eric McCormick
Intro MWLUG was a great success as far as I’m concerned. Each time I’ve gone I’ve had the great enjoyment of being able to attend some high quality sessions, meet with lots of colleagues and friends from the community, and get a view into products and solutions many people are undertaking, over conversations and interactions outside of the sessions. This is always a great way of interacting with others who were able to make it. Unlike the IBM conference of Connect(EDsphere), this is purel




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition