Differences

This shows you the differences between two versions of the page.

--- raspberry-pi [2018/10/06 08:49] – dblume
+++ raspberry-pi [2023/04/12 20:44] (current) – external edit 127.0.0.1
@@ Line 191: / Line 191: @@
    sudo crontab -e
-5 * * 0 certbot renew --post-hook "service nginx reload" >> /var/log/letsencrypt-renew.log
+5 * * 0 certbot renew --post-hook "service nginx reload" >> /home/pi/letsencrypt-renew.log
 <code>
@@ Line 214: / Line 214: @@
 </code>
 . Port forward ports 80 and 443.  At the local router:
 http://router.asus.com/Advanced_VirtualServer_Content.asp
@@ Line 220: / Line 220: @@
 WAN -> Virtual Server / Port Forwarding
 . Update nginx
 https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-in-ubuntu-16-04
@@ Line 252: / Line 252: @@
 **TODO**: Renew with ''certbot renew --quiet'' as per [[https://certbot.eff.org/#debianjessie-nginx|certbot]] or [[https://bjornjohansen.no/letsencrypt-nginx|manually]].
+===== Updating CertBot to use ACMEv2 =====
+Got an email from the EFF saying my current CertBot client uses ACMEv1 and it needs to be upgraded. Followed some instructions here:[[https://certbot.eff.org/lets-encrypt/debianother-nginx|Debian Jessie instructions from the EFF]].
+  sudo apt-get remove certbot
+  wget https://dl.eff.org/certbot-auto
+  sudo mv certbot-auto /usr/local/bin/certbot-auto
+  sudo chown root /usr/local/bin/certbot-auto
+  sudo chmod 0755 /usr/local/bin/certbot-auto
+But the next step (they suggested''sudo /usr/local/bin/certbot-auto certonly --nginx''), but I tried:
+  sudo /usr/local/bin/certbot-auto certonly --webroot -w /var/www/html -d pi.dlma.com -d wopr.dlma.com
+is broken because it first  an apt-get and Jessie Backports is gone, and then because the pip installation failed Hash verification.
+==== Problem: Jessie Backports is gone. ====
+Follow the instructions here: [[https://www.lucas-nussbaum.net/blog/?p=947|Removal of Jessie-Updates and Jessie-Backports from Debian Mirrors]]
+Remove "<nowiki>deb http://ftp.debian.org/debian jessie-backports main</nowiki>" from ''/etc/apt/sources.list'' and add:
+  deb http://archive.debian.org/debian/ jessie-backports main contrib non-free
+  deb-src http://archive.debian.org/debian/ jessie-backports main contrib non-free
+And then essentially (I did it with a sudo vim session):
+  echo 'Acquire::Check-Valid-Until no;' > /etc/apt/apt.conf.d/99no-check-valid-until
+==== Problem pip install hash verification ====
+[[https://community.letsencrypt.org/t/certbot-auto-certificates-fails-while-installing-phyton-packages-with-these-packages-do-not-match-the-hashes/90363/5|Certbot fails when installing Python packages]]. This can be resolved by deleting the ''/etc/pip.conf'' file:
+<file bash /etc/pip.conf>
+[global]
+extra-index-url=https://www.piwheels.org/simple
+</file>
+===== Upgrading Distros =====
+When upgrading from Jessie to Stretch, I followed this recipe: [[https://pimylifeup.com/upgrade-raspbian-jessie-to-raspbian-stretch/|How to Upgrade Raspbian Jessie to Raspbian Stretch]].
+I didn't keep PiHole working, as I would get occasional network drops when working from home, and it was resolved when taking PiHole out of the mix. Will probably have to do a fresh install.
 ===== PiHole =====
@@ Line 315: / Line 359: @@
 curl "http://pi.hole/admin/api.php?summary" | python -m json.tool
 </code>
+===== New ACMEv2 Certbot overwrites /etc/nginx/sites-enabled/default =====
+We keep backups at ''~/etc_nginx_sites-enabled_default_pihole.backup''.
+  sudo service nginx restart
 ===== Jessie or earlier: Add piwheels for fast Python pip installations =====
 If you're not installing Stretch or later, here's [[https://www.piwheels.hostedpi.com/|info on piwheels]]. Add the following to ''/etc/pip.conf'':
-<file /etc/pip.conf>
+<file bash /etc/pip.conf>
 [global]
 extra-index-url=https://www.piwheels.org/simple