Manually Renewing HTTPS w/ Let's Encrypt

Intro

A while back, I rolled a personal project, which is a Node app, to Bluemix for lightweight use. I managed to make use of Let’s Encrypt for the HTTPS certificate, but only after realizing that there was a bit of a manual aspect to it that is the antithesis of an automated script for such things. Ultimately, after finding some information in a blog post from Marky Roden (of all people), I was able to get moving. The only downside wound up being that time passed, and it came time to renew the certificate before my 90 days was up. Thankfully, I had done some minor documenting of the steps I took, which made updating the HTTPS certificate a bit easier. What follows is some of how I configured my application for easier implementation.

The .well-known/acme-challenge Route

As part of the validation process, the Let’s Encrypt / certbot script needs to “call home” to verify your server is who it claims. The exact command I ran with certbot-auto followed the format of:


*note: you can add --dry-run to the end to… perform a “dry run”

Here’s what it looks like when I ran the certbot-auto script:


Marky’s example shows a handler established in his Node + Express app, providing a response on the given relative path of <domain>/.well-known/acme-challenge/<uuid-string>. This is something that would require manual updating of the code base, so it’s naturally the first thing I removed. This was a perfect job for a pair of environment variables, in my opinion. I implemented it in the code as such:


This means that so long as my Node app can resolve the LETS_ENCRYPT_ROUTE and LETS_ENCRYPT_VERIFICATION values accordingly, I’m in business. This is done rather easily via the “Environment Variables” page of my application’s dashboard, in the “user defined” tab.
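One way to drive the challenge route from those two environment variables, as an added example that is not the author's original code. It assumes LETS_ENCRYPT_ROUTE holds the full relative path printed by certbot; the function names and the sample values are hypothetical.

```javascript
const ACME_PREFIX = '/.well-known/acme-challenge/';
// ACME challenge tokens are base64url; anything else is a misconfiguration.
const TOKEN_RE = /^[A-Za-z0-9_-]+$/;

// Returns the challenge body for a request path, or null when nothing
// should be served. Assumption: LETS_ENCRYPT_ROUTE is the full relative path.
function challengeBody(urlPath, env) {
  const route = env.LETS_ENCRYPT_ROUTE;
  const verification = env.LETS_ENCRYPT_VERIFICATION;
  // Between renewals both variables are unset, so the route does not exist.
  if (!route || !verification) return null;
  // Only ever publish the value under the ACME challenge prefix.
  if (!route.startsWith(ACME_PREFIX)) return null;
  if (!TOKEN_RE.test(route.slice(ACME_PREFIX.length))) return null;
  // Exact match on the path, ignoring any query string.
  return urlPath.split('?')[0] === route ? verification : null;
}

// Middleware with the (req, res, next) signature used by Express. It only
// touches core http.ServerResponse members, so it also works without Express.
function acmeChallenge(env) {
  return function (req, res, next) {
    const body = req.method === 'GET' ? challengeBody(req.url, env) : null;
    if (body === null) return next();
    res.statusCode = 200;
    res.setHeader('Content-Type', 'text/plain');
    res.end(body);
  };
}

// Constructed sample values, not real certbot output.
const sampleEnv = {
  LETS_ENCRYPT_ROUTE: '/.well-known/acme-challenge/sampleToken_123',
  LETS_ENCRYPT_VERIFICATION: 'sampleToken_123.sampleAccountThumbprint',
};
console.log(challengeBody('/.well-known/acme-challenge/sampleToken_123', sampleEnv));
console.log(challengeBody('/.well-known/acme-challenge/other', sampleEnv));
// In the app this would be mounted as: app.use(acmeChallenge(process.env));
```

Clearing both variables once validation succeeds takes the route away again until the next renewal.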


Once this is all done, you can replace the certificates for the custom domain with the freshly generated certificates. I added my certificate files (.pem) as the screen shot shows and it looks good in both the Bluemix dashboard and my Chrome inspector.




Sequence of Events

Generally speaking, the order of events is:

  • ensure you have the certbot script on the machine you’ll be generating the certificates on
  • ensure your custom domain is set up
  • log into your Bluemix dashboard and go to your environment variables to update with values from the certbot script
  • run the certbot script, obtain the values for the URL path and the response value
  • enter those as the corresponding environment variables (allow for the app to restart, as needed)
  • continue the certbot script, which should now successfully validate

One Hiccup

A strange hiccup I encountered was what I believe to be a false positive in regards to my deletion of the existing (old) certificate. After a few tries, or a minor passage of time, it all rectified itself.


Thoughts

Since Let’s Encrypt is now by all regards widely successful, with over 5 million certificates issued, I can’t help but wonder how easy this should be on any modern PaaS, such as Bluemix. Gone are the days of needing to pay lots of money for an HTTPS certificate, so the automation, configuration, and management of HTTPS certificates on behalf of the user should be a minor formality, not to mention useful. Do note, Bluemix does have a wild card HTTPS certificate which applies to any of its .mybluemix.net addresses, so this is unique to custom domains.


One Last Call For MWLUG

MWLUG 2016 is nearly here. If you’re able to, I really recommend coming to the event, as there are a great many people with a passion for what they do, who are looking to share. It’s been a great event each time I’ve had the pleasure to attend and I’m glad to be going back, and speaking.

You can find me on Friday, the 19th of August, in Ballroom D, from 1:30pm - 2:30pm. It’s my aim to expand a bit on the theme I’ve settled on over the last year, which is a combination of best practices for stability, maintenance, and documentation, along with the incorporation of front-end tooling to enhance the developer’s workflow (full abstract below) and ease the task of multi-platform development capabilities. I hope to see you there! :beers:

BP101: A Modernized Developer’s Workflow with Domino/XPages

Watch, listen, and feel free to follow-along with a full-stack approach to how to build better applications with Domino/XPages, MVC principles in action in the back-end, RESTful API creation, along with advanced framework implementation in the front-end, with advanced tooling to help automate our coding process, unit tests, and even the ability to mock the back-end for front-end development outside of Domino Designer. This session seeks to help developers advance their workflow and produce higher quality, more performant and optimized applications with the Domino server they already have and the modern front-end tooling they want to incorporate.



---------------------
https://edm00se.io/self-promotion/manual-lets-encrypt-renewal-made-easier/
Jul 27, 2016