Skip to main content

Certbot install in AWS EC2 instance Amazon machine image for HA Proxy LB Server

If you try to install certbot you will get a message like below in Amazon machine image EC2 instance.
------------------------------------------------------------
Sorry, I don't know how to bootstrap Certbot on your operating system!

You will need to install OS dependencies, configure virtualenv, and run pip install manually.
Please see https://letsencrypt.readthedocs.org/en/latest/contributing.html#prerequisites
------------------------------------------------------------

Fix:
###

 Amazon Linux 2 doesn't have epel-release in its repositories, but I've found you can install the EPEL RPM package itself, and then you'll be able to install certbot or certbot-nginx from there.
  • Download the RPM
    curl -O http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  • Then install it
    sudo yum install epel-release-latest-7.noarch.rpm
  • Now you can install certbot
    sudo yum install certbot
  • And then run it as usual
    sudo certbot

Now give the below configuration in the /etc/haproxy/haproy.cfg file.
-------------------------------------------

 frontend http_front

  bind *:80
  acl letsencrypt-acl path_beg /.well-known/acme-challenge/

  use_backend letsencrypt-backend if letsencrypt-acl

backend letsencrypt-backend
  server letsencrypt 127.0.0.1:8888
-------------------------------------------
Make sure that the port 8888 , 443 is allowed in your securitygroup.

systemctl restart haproxy

  • Now give the blow command for issuing Letsencrypt certficate: 
    sudo certbot certonly --standalone -d abc.example.com --non-interactive --agree-tos --email jino@youremail.com --http-01-port=8888
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:

    /etc/letsencrypt/live/ndz.abtest.tk/fullchain.pem
   Your key file has been saved at:

   /etc/letsencrypt/live/ndz.abtest.tk/privkey.pem

  • Now concatenate the fullchain and private key file using the below command: 
    cat /etc/letsencrypt/live/abc.example.com/fullchain.pem /etc/letsencrypt/live/abc.example.com/privkey.pem | sudo tee /etc/letsencrypt/live/abc.example.com/abc.example.com-crt.pem

Now add the below line under the bind *:80

 bind *:443 ssl crt /etc/letsencrpt/live/abc.example.com/abc.example.com-crt.pem

 systemctl restart haproxy

Referal URLs:
############
https://serversforhackers.com/c/letsencrypt-with-haproxy
https://serverfault.com/questions/890212/looking-for-a-way-to-get-certbot-running-on-amazon-linux-2

That is all,
Cheers.

Comments

Post a Comment

Popular posts from this blog

Password reset too simplistic/systematic issue

Some time when we try to reset the password of our user in linux it will show as simple and systematic as below: BAD PASSWORD: it is too simplistic/systematic no matter how hard password you give it will show the same. Solution: ######### Check if your password is Ok with the below command, jino@ndz~$ echo 'D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l' | cracklib-check D7y8HK#56r89lj&8*&^%&^%#56rlKJ!789l: it is too simplistic/systematic Now Create a password with the below command : jino@ndz~$ echo $(tr -dc '[:graph:]' 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K; You can see that this password will be ok with the cracklib-check. jino@ndz~$ echo '7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;' | cracklib-check                 7\xi%!W[y*S}g-H7W~gbEB4cv,9:E:K;: OK Thats all, Thanks.
Post a Comment
Read more

Setting /etc/hosts entries during the initial deployment of an Application using k8s yaml file

Some times we have to enter specific hosts file entries to the container running inside the POD of a kubernetes deployment during the initial deployment stage itself. If these entries are not in place, the application env variables mentioned in the yaml file , as hostnames , will not resolve to the IP address and the application will not start properly. So to make sure the /etc/hosts file entries are already there after the spin up of the POD you can add the below entries in your yaml file. cat > api-deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: spec:   template:     metadata:     spec:       volumes:       containers:       - image: registryserver.jinojoseph.com:5000/jinojosephimage:v1.13         lifecycle:           postStart:             exec:               command:...
Post a Comment
Read more

Running K8s cluster service kubelet with Swap Memory Enabled

For enabling swap memory check the below link : https://jinojoseph.blogspot.com/2019/10/enable-swap-memory-using-swapfile-in.html # sudo vi /etc/systemd/system/kubelet.service.d/10-kubeadm.conf Add the KUBELET_EXTRA_ARGS line as below: ---------------------------------------- Environment="KUBELET_EXTRA_ARGS=--fail-swap-on=false" ExecStart= ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS Now kubelet.service changed on disk. Run 'systemctl daemon-reload' to reload units # sudo systemctl daemon-reload # sudo systemctl restart kubelet # sudo systemctl status kubelet That is all cheers :p
Post a Comment
Read more