
Installing Certbot on an AWS EC2 instance (Amazon machine image) for an HAProxy LB server

If you try to install certbot on an EC2 instance running the Amazon machine image, you will get a message like the one below.
------------------------------------------------------------
Sorry, I don't know how to bootstrap Certbot on your operating system!

You will need to install OS dependencies, configure virtualenv, and run pip install manually.
Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites
------------------------------------------------------------

Fix:
###

 Amazon Linux 2 doesn't have epel-release in its repositories, but I've found you can install the EPEL RPM package itself, and then you'll be able to install certbot or certbot-nginx from there.
  • Download the RPM
    curl -O https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    
  • Then install it
    sudo yum install epel-release-latest-7.noarch.rpm
    
  • Now you can install certbot
    sudo yum install certbot
    
  • And then run it as usual
    sudo certbot
    

Now add the configuration below to the /etc/haproxy/haproxy.cfg file.
-------------------------------------------

frontend http_front

  bind *:80
  acl letsencrypt-acl path_beg /.well-known/acme-challenge/

  use_backend letsencrypt-backend if letsencrypt-acl

backend letsencrypt-backend
  server letsencrypt 127.0.0.1:8888
-------------------------------------------
Make sure that ports 8888 and 443 are allowed in your security group.

systemctl restart haproxy

  • Now run the command below to issue the Let's Encrypt certificate: 
    sudo certbot certonly --standalone -d abc.example.com --non-interactive --agree-tos --email jino@youremail.com --http-01-port=8888
    
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:

   /etc/letsencrypt/live/ndz.abtest.tk/fullchain.pem
   Your key file has been saved at:

   /etc/letsencrypt/live/ndz.abtest.tk/privkey.pem



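  • Now concatenate the fullchain and private key files using the command below (sudo is needed to read /etc/letsencrypt/live, and the redirect keeps the private key from being echoed to the terminal): 
    sudo cat /etc/letsencrypt/live/abc.example.com/fullchain.pem /etc/letsencrypt/live/abc.example.com/privkey.pem | sudo tee /etc/letsencrypt/live/abc.example.com/abc.example.com-crt.pem > /dev/null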
    

Now add the line below under the bind *:80 line in the frontend:

bind *:443 ssl crt /etc/letsencrypt/live/abc.example.com/abc.example.com-crt.pem

systemctl restart haproxy
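
Let's Encrypt certificates expire after 90 days, and a renewal only updates fullchain.pem and privkey.pem, not the combined abc.example.com-crt.pem file that HAProxy reads. The script below is an added example, not part of the original post: a certbot deploy hook that rebuilds the combined file with owner-only permissions and restarts HAProxy. The hook file name and the build_haproxy_pem function are assumptions made for this example.

```bash
#!/bin/bash
# Added example (not from the original post): certbot deploy hook that rebuilds
# the combined PEM HAProxy reads and restarts HAProxy after each renewal.
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/haproxy-pem.sh

# build_haproxy_pem LINEAGE_DIR OUT_FILE
# Concatenate fullchain.pem + privkey.pem into OUT_FILE, readable by owner only.
build_haproxy_pem() {
  local lineage="$1" out="$2" tmp
  # Refuse to produce a half-built bundle if either input is missing or empty.
  [ -s "$lineage/fullchain.pem" ] || { echo "missing fullchain.pem" >&2; return 1; }
  [ -s "$lineage/privkey.pem" ]   || { echo "missing privkey.pem" >&2; return 1; }
  # Create the temp file next to the target so mv is an atomic rename;
  # umask 077 keeps the private key from ever being group- or world-readable.
  tmp="$(umask 077; mktemp "$out.XXXXXX")" || return 1
  if cat "$lineage/fullchain.pem" "$lineage/privkey.pem" > "$tmp"; then
    chmod 600 "$tmp" && mv -f "$tmp" "$out"
  else
    rm -f "$tmp"
    return 1
  fi
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/abc.example.com)
# when it runs a deploy hook; outside certbot this section is skipped.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
  domain="$(basename "$RENEWED_LINEAGE")"
  build_haproxy_pem "$RENEWED_LINEAGE" "$RENEWED_LINEAGE/$domain-crt.pem" || exit 1
  # Validate the configuration first so a bad bundle does not take HAProxy down.
  haproxy -c -f /etc/haproxy/haproxy.cfg && systemctl restart haproxy
fi
```

Make the script executable (chmod 755) and run sudo certbot renew --dry-run to confirm that renewal still works through the 127.0.0.1:8888 backend.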



Reference URLs:
############
https://serversforhackers.com/c/letsencrypt-with-haproxy
https://serverfault.com/questions/890212/looking-for-a-way-to-get-certbot-running-on-amazon-linux-2

That is all,
Cheers.
