I'm using the Go package pingdom-go to query Pingdom. The application is containerized as this:
FROM alpine:3.8
USER nobody
ADD build/_output/bin/app /usr/local/bin/app
However I get the following error:
Get https://api.pingdom.com/api/2.1/checks/0: x509: certificate signed by unknown authority
I've already tried what was suggested here x509 certificate signed by unknown authority but without luck. Any ideas?
So the alpine containers are very minimal, including not having certs. You can either install the certs like @TimCooper suggested:
apk add --no-cache ca-certificates
You can also check out GoogleContainerTools/distroless. It is minimal but has a few things like certs that make development life a little easier.
Adding the following command to your Dockerfile can fix it.
FROM alpine:3.8
RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*
I am having real troubles with a wildcard certificate for a server. It is a server on AWS running the Bitnami WordPress Multisite.
I was able to install the wildcard certificate, but when the renewal was due the process didn't seem to be in place. I have tried to run this manually with:
GODADDY_API_KEY={someKey} \
GODADDY_API_SECRET={someSecret} \
sudo /opt/bitnami/letsencrypt/lego --email="admin@domain.com" --domains="*.domain.com" --domains="domain.com" --dns godaddy --path="/opt/bitnami/letsencrypt" renew
But I keep getting the same issue:
godaddy: some credentials information are missing: GODADDY_API_KEY,GODADDY_API_SECRET
Any ideas?
I have tried to run the code in a shell script
godaddy.sh
GODADDY_API_KEY={someKey} \
GODADDY_API_SECRET={someSecret} \
sudo /opt/bitnami/letsencrypt/lego --email="admin@domain.com" --domains="*.domain.com" --domains="domain.com" --dns godaddy --path="/opt/bitnami/letsencrypt" renew
Same result
Also tried godaddy.sh
export GODADDY_API_KEY "{someKey}"
export GODADDY_API_SECRET "{someSecret}"
sudo /opt/bitnami/letsencrypt/lego --email="admin@domain.com" --domains="*.domain.com" --domains="domain.com" --dns godaddy --path="/opt/bitnami/letsencrypt" renew
I've created and launched my WordPress site on AWS using EC2. I followed this tutorial to create the site. It's currently mapped to a domain using Route 53. All development on the site is done online in my instance.
I would now like to install an SSL Certificate on my site. How would I do so?
If you created WordPress on AWS using "Bitnami",
you may ssh to your instance and run:
sudo /opt/bitnami/bncert-tool
See bitnami docs for details
If you're looking for an easy and free solution, try https://letsencrypt.org/. They have an easy-to-follow doc for anyone.
TLDR; Head to https://certbot.eff.org/, choose your OS and server type and they will give you 4-5 line installation to install certificate automatically.
Before attempting, make sure your domain name is correctly pointed to your EC2 using Route53 or Elastic IP.
For example, here's all you need to run to automatically get and install SSL on an Ubuntu EC2 running nginx:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
Best of luck!
This tutorial provides a simple 3 step guide to setting up your Wordpress on AWS using LetsEncrypt / Certbot:
https://blog.brainycheetah.com/index.php/2018/11/02/wordpress-switching-to-https-ssl-hosted-on-aws/
Step 1: Get SSL certificate
Step 2: Configure redirects
Step 3: Update firewall
At each stage replace 'example.com' with your own site address.
Install certbot:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache
Create certificates:
$ sudo certbot --apache -m admin@example.com -d example.com -d www.example.com
To configure redirects, first open the wp-config file:
$ sudo vim /var/www/html/example.com/wp-config.php
Insert the following above the "stop editing" comment line:
// HTTPS configuration
define('WP_HOME','https://example.com');
define('WP_SITEURL','https://example.com');
define('FORCE_SSL_ADMIN', true);
And finally, update firewall via the AWS console:
Log in to your AWS control panel for your EC2 / Lightsail instance
Select the Networking tab
Within the Firewall section, just below the table, select Add another
Custom and TCP should be pre-populated within the first two fields by default, leave these as they are
Within the Port range field enter 443
Select Save
Then just reload your apache config:
sudo service apache2 reload
And you should be good to go.
According to the tutorial, since you have configured only an EC2 instance, the direct approach is to purchase an SSL certificate and install it into the Apache server. For detailed steps follow the tutorial
How to Add SSL and HTTPS in WordPress.
If you plan to use AWS Certificate Manager issued free SSL certificates, then it requires either configuring an Elastic Load Balancer or the CDN CloudFront. This can get complicated if you are new to AWS. If you plan to give it a try with AWS CloudFront, follow the steps in How To Use Your Own Secure Domain with CloudFront.
Using CloudFront also provides a boost in performance since it caches your content and reduces the load on your EC2 instance. However, one of the challenges you will face is avoiding mixed content issues. There are WordPress plugins that are capable of resolving mixed content issues, so do try them out.
This is how I enabled SSL on my WordPress website.
I have used the Let's Encrypt X.509 certificates. Let's Encrypt is a certificate authority that provides X.509 certificates in an automated fashion for free. You can find more information about Let's Encrypt here.
Steps to follow:
SSH into the instance and switch to root.
Download Certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
Run certbot to fetch the certificates
sudo ./certbot-auto --debug -v --server https://acme-v01.api.letsencrypt.org/directory certonly -d "your-domain-name"
A wizard will be launched asking you to select options for Apache, WebRoot, and Standalone. Select the WebRoot option and continue. Note the directory of your domain.
Usually /var/www/html will be the directory for your domain. After success you will have three certificates in the following paths:
Certificate: /etc/letsencrypt/live/<<<"Domain-Name">>>/cert.pem
Full Chain: /etc/letsencrypt/live/<<<"Domain-Name">>>/fullchain.pem
Private Key: /etc/letsencrypt/live/<<<"Domain-Name">>>/privkey.pem
Copy the pem file paths to /etc/httpd/conf.d/ssl.conf. Then restart Apache:
service httpd restart
And finally, I have enabled the Really Simple SSL plugin in WordPress. That's it!
I am unable to download files from an svn repository onto a unix AIX system. I am using the "curl" command in unix to download the file but it fails with the below error
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
More details here: http://curl.haxx.se/docs/sslcerts.html
command used :
curl -u username:password http://server.com/svn/trunk/test.file
Are there any settings in the subversion repository which I need to change to make the curl command work? If yes, then how do I change them?
I cannot use wget because it is not installed on our machine; the alternative is curl.
Please help me download subversion files into unix. Your help will be greatly appreciated.
Thanks,
Sri
The short way to do it would be to add the --insecure option to the curl command. This tells cURL to ignore the fact that it can't verify the signer of the SSL cert used by your SVN server.
curl -u username:password --insecure https://server.com/svn/trunk/test.file
The error is happening for one of two reasons: either your SVN access is secured using a self-signed certificate from a CA not in the certificate chain for the OS, or the trusted certs cURL is using are outdated and don't include a certificate from the CA that signed your SVN SSL certificate.
You can either download the root certificate that signed your SSL cert and specify it like: curl --cacert /path/to/cert.pem. Otherwise, you'll need to determine how and where to install additional certificates to be trusted. This partly depends on whether or not cURL is using OpenSSL or NSS. This site has some guidance on how to do this for various operating systems.
Thanks for your response. I have changed the command to
curl -k http://server.com/svn/trunk/test.file -u username:password > test.file
and it worked.
Thanks,
Sri
I want to publish my projects from Visual Studio to Docker service on my own server. So there are some questions rising:
1) Install Docker on Ubuntu - plenty of manuals, for example: http://blog.tonysneed.com/2015/05/25/develop-and-deploy-asp-net-5-apps-to-docker-on-linux/
For me it ends (I think) at the point where he is going to "dockerize" something, but okay, at least I have Docker installed.
2) Somehow find a way to publish VS projects to Docker. Again, plenty of manuals: http://www.hanselman.com/blog/PublishingAnASPNET5AppToDockerOnLinuxWithVisualStudio.aspx
3) And the problem is when I finally choose "Publish", specifying connection and other stuff, it fails checking connection. So, Docker out of the box isn't ready to receive deployments from VS? What do I need to fill the gap?
Edit for some details:
Docker was installed with these exact commands with no further configuration:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9
sudo sh -c "echo deb https://get.docker.com/ubuntu docker main > /etc/apt/sources.list.d/docker.list"
sudo apt-get update
sudo apt-get install lxc-docker
What I'm deploying is ASP.NET 5 beta 7 app, specifying:
URL: tcp://19.85.23.13:2376
Image: microsoft/aspnet
And leaving other parameters default. What I get is error:
An error occured during publish. The command [docker -H
tcp://19.85.23.13:2376 build -t microsoft/aspnet -f
"C:\Users\adski\AppData\Local\Temp\PublishTemp\DockTest185\approot\src\DockTest1\Dockerfile"
"C:\Users\adski\AppData\Local\Temp\PublishTemp\DockTest185"] exited
with code [1]: Post
http://19.85.23.13:2376/v1.20/build?cgroupparent=&cpuperiod=0&cpuquota=0&cpusetcpus=&cpusetmems=&cpushares=0&dockerfile=approot%2Fsrc%2FDockTest1%2FDockerfile&memory=0&memswap=0&rm=1&t=microsoft%2Faspnet&ulimits=null:
dial tcp 19.85.23.13:2376: ConnectEx tcp: No connection could be made
because the target machine actively refused it..
* Are you trying to connect to a TLS-enabled daemon without TLS?
* Is your docker daemon up and running?
Please visit http://go.microsoft.com/fwlink/?LinkID=529706 for
troubleshooting guide.
Well I'm not really a web-security expert. I've found this yet another manual: http://sheerun.net/2014/05/17/remote-access-to-docker-with-tls/ but can't really understand if it is what I need. After all, nobody in those "Visual Studio Publish to Docker" guides mentioned I need a certificate or something.
But obviously I need some credentials to access my server, otherwise, if it is on the web, anyone could dock something in it. And what are those cursed credentials? Any guides for dummies?
Edit 2: found something that looks like relevant: https://docs.docker.com/articles/https/
Er, is this really that complicated? But goddamit, none of those asp.net/docker tutorials mentioned that. Guides for dummies, pleeease?
I am trying to install Meteor.js on a VM (Ubuntu 12.04) created with Vagrant.
The install should be as simple as:
curl https://install.meteor.com | /bin/sh
However this fails with curl: (7) couldn't connect to host
I have isolated the failure to a request within that shell script to this URL:
https://warehouse.meteor.com/bootstrap/0.7.0.1/meteor-bootstrap-Linux_i686.tar.gz
When I changed it to use HTTP instead of HTTPS it works. However I am running into problems elsewhere where it needs to pull things from httpS://warehouse.meteor.com/...
I thought the problem was with https, but if I do:
curl https://google.com
I get the page no problem, so what could be the issue?
Per another Ubuntu/Meteor question, it appears that there's some kind of certificate error (Meteor's SSL CA may not be installed by default in Ubuntu?) that goes away when you:
sudo apt-get update && sudo apt-get upgrade
For me upgrade didn't solve the problem.
My solution was to download the script from install.meteor.com and replace TARBALL_URL from https to http and I ran the script manually.