Free SSL Certificates that Automatically Renew with CertBot and LetsEncrypt


It’s been a while since I wrote a blog post (over 5 years!) and in republishing my blog, I wanted to ensure a few best practices were in place. One of those is ensuring that all content is served over HTTPS.

Thankfully, we’ve come a long way in the past 5 years in providing a simple, cost-free way to serve content over HTTPS. Thanks to the CA LetsEncrypt, you can now generate free SSL certificates with ease:

  1. Head over to CertBot from the EFF
  2. Select your OS and web server
  3. Follow the step-by-step guide to install CertBot
  4. Bam! You’re running under HTTPS

Because certificates from LetsEncrypt are only valid for 90 days, you need to set up a cron job to renew the certificate. I do this on a weekly basis as follows:

letsencrypt renew --post-hook "service apache2 reload"
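As an added example (not code from the original post), here is a companion check for that cron job: it fetches the certificate Apache actually serves and flags it once fewer than 30 days remain, which catches the common failure where renewal succeeded but the reload never happened. It uses only the Python standard library; the host name is a placeholder.

```python
import socket
import ssl
import sys
import time
from typing import Optional

# Certbot's default renewal window: it renews once fewer than 30 days remain.
RENEW_THRESHOLD_DAYS = 30

def days_remaining(not_after: str, now: Optional[str] = None) -> float:
    """Days left on a certificate. `not_after` is in the form the ssl module
    reports it, e.g. 'Jul 10 11:09:58 2008 GMT'. `now` takes the same form
    and exists so the function can be checked against fixed dates; the
    default is the current time."""
    end = ssl.cert_time_to_seconds(not_after)
    start = ssl.cert_time_to_seconds(now) if now else time.time()
    return (end - start) / 86400.0

def renewal_status(days: float) -> str:
    """Classify the remaining lifetime the way a cron watchdog should."""
    if days < 0:
        return "expired"
    if days < RENEW_THRESHOLD_DAYS:
        return "renewal overdue"
    return "ok"

def served_not_after(host: str, port: int = 443) -> str:
    """Read notAfter from the certificate the live server presents, not the
    file on disk, so a renewal that was never reloaded into Apache is still
    caught. The default context verifies the chain, so a broken chain fails
    loudly here as well."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

if __name__ == "__main__":
    # Placeholder host; run from cron so any non-"ok" result is mailed to you.
    host = sys.argv[1] if len(sys.argv) > 1 else "www.example.com"
    days = days_remaining(served_not_after(host))
    status = renewal_status(days)
    print(f"{host}: {days:.1f} days remaining, {status}")
    sys.exit(0 if status == "ok" else 1)
```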

How-To: Check root DNS settings for domain

Using “dig” you can quite easily determine what IP address or CNAME your domain is pointing to. However, what I didn’t know was that you can also follow the lookup from the root servers down and see what the authoritative servers think your domain is pointing at (rather than what a caching resolver remembers), so you can verify it is set correctly when you are migrating to a new IP address.

To do this, simply type:

dig domaintolookup.com +trace

How-To: Recursively remove .svn folders

Okay, so you’ve accidentally added a bunch of files to SVN. Or you need to copy a bunch of files but don’t want to take the .svn folders with you. How do you get rid of them? On any *nix machine (Mac included) you can run the following command:

# -prune stops find descending into a .svn directory it is about to delete; -exec handles paths containing spaces, which the backtick form does not
find . -type d -name .svn -prune -exec rm -rf {} +

yum fails: Fixing Fedora Core 5 yum repositories

Fedora Core 5 is currently EOL: it’s not supported any more. As a result, you might find you can’t use yum to install packages any more; you get an error message about this file not existing:

http://download.fedora.redhat.com/pub/fedora/linux/core/5/i386/os/repodata/repomd.xml

This is because the repositories that yum uses aren’t there anymore. However, you can modify the repository definitions in /etc/yum/repos.d/ and point them at these archive locations instead to fix the problem:

http://archive.fedoraproject.org/pub/archive/fedora/linux/core/6/i386/os/
http://archive.fedoraproject.org/pub/archive/fedora/linux/core/6/i386/debug/
http://archive.fedoraproject.org/pub/archive/fedora/linux/core/6/source/SRPMS/

http://archive.fedoraproject.org/pub/archive/fedora/linux/core/updates/6/i386/
http://archive.fedoraproject.org/pub/archive/fedora/linux/core/updates/6/i386/debug/
http://archive.fedoraproject.org/pub/archive/fedora/linux/core/updates/6/SRPMS/

http://archive.fedoraproject.org/pub/archive/fedora/linux/extras/6/i386/

An example change would be to the /etc/yum/repos.d/fedora-core.repo file, commenting out the old baseurl and pointing at the archive:

[core]
name=Fedora Core $releasever - $basearch
#baseurl=http://download.fedora.redhat.com/pub/fedora/linux/core/$releasever/$basearch/os/
baseurl=http://archive.fedoraproject.org/pub/archive/fedora/linux/core/5/i386/os/

How-To: Remotely monitor your server with monit

monit is a fantastic utility that can be installed on Linux or Mac OS X and provides the ability to monitor services running on your server. These could be apache, mysql, bind or any other service you need to be up and running. After installing monit, you create a config file containing information about the services you want to monitor. Monit will then dutifully monitor those services and email you if they go down. You can even configure it to restart a service if it fails.

Running on top of monit is m/monit, a web-based service which pools information from all your servers running monit and presents it in an easily accessible format on a web page. You can use this as the monitoring station for your website, for instance, as it also includes information such as load average, disk usage and uptime, in addition to the services you are monitoring.

Highly recommended.

How-To: Check a Reverse DNS Record Lookup (PTR Record) and Solve Email Delivery Issues

More and more mail servers are starting to reject email if your outgoing mail server doesn’t have a reverse DNS (PTR) record. You can check whether you have one by issuing the following command:

dig -x 127.0.0.1

Obviously, replace the 127.0.0.1 address with the relevant IP address of your mail server. You should receive a response like this:

; <<>> DiG 9.4.1-P1 <<>> -x 67.192.127.21
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17269
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;21.127.192.67.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
21.127.192.67.in-addr.arpa. 3600 IN	PTR	myserver.mydomain.com.

;; Query time: 217 msec
;; SERVER: 203.50.2.71#53(203.50.2.71)
;; WHEN: Thu Jul 10 11:09:58 2008
;; MSG SIZE  rcvd: 79

If you don't have one set up, you won't get a response in the ANSWER SECTION, so contact your host and ask them to set one up for you. It can save a lot of headaches when you get bounce-back messages such as:

Could not deliver the message in the time limit specified.  Please
retry or contact your administrator.
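As an added example (not from the original post): the test receiving mail servers actually apply is forward-confirmed reverse DNS, meaning the PTR name must resolve back to the sending IP. This script builds the same in-addr.arpa name that dig -x queries (and the ip6.arpa form for IPv6) and performs that round trip; the sample table is constructed from the dig output above and is not a live lookup.

```python
import ipaddress
import socket
import sys

def reverse_name(ip: str) -> str:
    """The name dig -x actually queries: in-addr.arpa for IPv4, ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer

def _ptr_lookup(ip):
    """Live PTR lookup; None when the IP has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def _forward_lookup(name):
    """Live forward lookup; the set of addresses the PTR name resolves to."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (socket.herror, socket.gaierror):
        return set()

def fcrdns_check(ip, ptr_lookup=_ptr_lookup, forward_lookup=_forward_lookup):
    """Return (status, ptr_name). 'ok' means forward-confirmed reverse DNS:
    the PTR name resolves back to ip. 'no-ptr' is the empty ANSWER SECTION
    case from the post; 'mismatch' is a PTR that points at a name which does
    not resolve back to the sending address, which many receivers also reject."""
    name = ptr_lookup(ip)
    if not name:
        return "no-ptr", None
    if ip in forward_lookup(name):
        return "ok", name
    return "mismatch", name

# Constructed sample data mirroring the dig output above (not live DNS).
SAMPLE_PTR = {"67.192.127.21": "myserver.mydomain.com"}
SAMPLE_A = {"myserver.mydomain.com": {"67.192.127.21"}}

def sample_check(ip):
    """Run the check against the constructed tables instead of real resolvers."""
    return fcrdns_check(ip, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    # With an argument, query real DNS for that IP; without one, use the sample.
    if len(sys.argv) > 1:
        print(reverse_name(sys.argv[1]), fcrdns_check(sys.argv[1]))
    else:
        print(reverse_name("67.192.127.21"), sample_check("67.192.127.21"))
```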

How-To Fix: make: yacc: Command not found

I have been getting the following error when trying to compile monit for my CentOS server:

make: *** [y.tab.c] Error 127

To resolve it, I simply installed bison (which provides the yacc command):

yum install bison

Then run configure again:

./configure
make && make install

And that fixed the problem!  Hope that helps someone.