Generate a Let’s Encrypt certificate using DNS challenge

UPDATE:  The letsencrypt.sh script has been renamed to dehydrated.  Make sure you are using the updated dehydrated script if you are following this guide.

The Let’s Encrypt project has recently unveiled support for the DNS-01 challenge type for issuing certificates.  The official Let’s Encrypt project added support with this PR on GitHub, which enables the challenge on the server side but does not enable it in the client (yet).  This is great news for those who are looking for more flexibility and additional options when creating and managing LE certificates.  For example, if you are not running a web server and rely strictly on having a DNS record to verify domain ownership, this new DNS challenge option is a great alternative.

I am still learning the ins and outs of LE but so far it has been an overwhelmingly positive experience.  I feel like tools like LE will be the future of SSL and certificate creation and management, especially as the ecosystem evolves more in the direction of automation and various industries continue to push for higher levels of security.

One of the big issues with implementing DNS support in an LE client as it currently stands is the large range of public DNS providers that have no standardized API support.  Without standardized APIs it becomes very difficult to automate issuing and renewing certificates with LE.  The letsencrypt.sh project mentioned below is nice because it has implemented support for a few of the common DNS providers (AWS, CloudFlare, etc.) as hooks, which allow the letsencrypt.sh client to connect to their APIs and create the necessary DNS records.  Additionally, if support for a DNS provider doesn’t exist, it is easy to add it by creating your own custom hooks.

letsencrypt.sh is a nice choice because it is flexible and just works.  It is essentially an implementation of the LE client, written in bash.  This is an attractive option because it is well documented, easy to download and use, and very straightforward.  To use the DNS feature you will need to create a hook, which is responsible for placing the correct challenge in your DNS record.

Here is an example hook that is used for connecting with AWS Route53 for issuing certificates for subdomains.  After downloading the example hook script, you need to run a few commands to get things working.  You can grab it with the following command.

curl -o route53.rb https://gist.githubusercontent.com/tache/3b6760784c098c9139c6/raw/33fe6e0791a7d40ce7cdf14019b7d31801d4ab05/hook.rb
chmod +x route53.rb

You also need to make sure you have the Ruby dependencies installed on your system for the script to work.  The process of installing gems is pretty simple but there was an issue with the version of awesome_print at the time I made this so I had to install a specific version to get things working.  Otherwise, the installation of the other gems was straightforward.  NOTE: These gems are specific to the route53.rb script.  If you use another hook that doesn’t require these dependencies you can skip the gem installations.

sudo gem install awesome_print -v 1.6.0
sudo gem install aws-sdk
sudo gem install pry
sudo gem install domainatrix

After you install the dependencies, you can run the letsencrypt script.

./letsencrypt.sh

You can see a few different options in this command.

The following command specifies the domain in the command (rather than adding a domains.txt file to reference), the custom hook that we have downloaded, and specifies the type of challenge to use, which is the dns-01 challenge.

./letsencrypt.sh --cron --domain test.example.com --hook ./route53.rb --challenge dns-01

Make sure you have your AWS credentials configured, otherwise the certificate creation will fail.  Here’s what the output of a successful certificate creation might look like.

#
# !! WARNING !! No main config file found, using default config!
#
Processing test.example.com
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for test.example.com...
-------------------->
 Domain: test.example.com
 Root: example.com
 Stage: deploy_challenge
Challenge: yabPBE9YvPXGFjslRtqXh-qK27QlWQgFlTusqcDzUMQ
{
 :change_info => {
 :id => "/change/C3K8MHKLB6IRKZ",
 :status => "PENDING",
 :submitted_at => 2016-08-08 17:54:50 UTC
 }
}
--------------------<
 + Responding to challenge for test.example.com...
-------------------->
 Domain: test.example.com
 Root: example.com
 Stage: clean_challenge
{
 :change_info => {
 :id => "/change/CE90OICFSN00C",
 :status => "PENDING",
 :submitted_at => 2016-08-08 17:55:15 UTC
 }
}
--------------------<
 + Challenge is valid!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
-------------------->
 Domain: test.example.com
 Root: test.example.com
 Stage: deploy_cert
 Certs: /Users/jmreicha/test/letsencrypt.sh/certs/test.example.com/cert.pem
--------------------<
 + Done!

The entire process of creation and verification should take less than a minute and when it’s done will drop out a certificate for you.
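The hook contract behind the deploy_challenge, clean_challenge and deploy_cert stages in the output above, as an added example that is not part of the original post or the route53.rb gist: a minimal POSIX shell hook that uses the AWS CLI instead of Ruby.  HOSTED_ZONE_ID is an assumed environment variable, and the script handles one domain per invocation.

```sh
#!/bin/sh
# Added example: a minimal dns-01 hook using the AWS CLI (not the article's route53.rb).
# Assumption: HOSTED_ZONE_ID is exported by the caller (placeholder, not from the article).

# Accept only hostname characters for the domain and base64url characters for the
# TXT value, so neither can break out of the JSON document built below.
valid_inputs() {
  case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  case "$2" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Print the Route53 change batch. $1 = UPSERT or DELETE, $2 = domain, $3 = TXT value.
# dns-01 validation reads the TXT record at _acme-challenge.<domain>; Route53
# expects the TXT value wrapped in double quotes.
change_batch() {
  printf '{"Changes":[{"Action":"%s","ResourceRecordSet":{"Name":"_acme-challenge.%s.","Type":"TXT","TTL":60,"ResourceRecords":[{"Value":"\\"%s\\""}]}}]}' "$1" "$2" "$3"
}

# The client calls the hook as: <stage> <domain> <token filename> <token value>
hook() {
  stage="$1"; domain="$2"; value="$4"
  case "$stage" in
    deploy_challenge) action=UPSERT ;;
    clean_challenge)  action=DELETE ;;
    *) return 0 ;;  # deploy_cert and any other stage: no DNS change needed
  esac
  valid_inputs "$domain" "$value" || { echo "refusing unexpected hook input" >&2; return 1; }
  change_id=$(aws route53 change-resource-record-sets \
      --hosted-zone-id "$HOSTED_ZONE_ID" \
      --change-batch "$(change_batch "$action" "$domain" "$value")" \
      --query ChangeInfo.Id --output text) || return 1
  # A new change starts as PENDING; block until Route53 reports it as applied
  # so validation does not race the record.
  aws route53 wait resource-record-sets-changed --id "$change_id"
}

if [ "$#" -gt 0 ]; then hook "$@"; fi
```

Because the hook only ever writes TXT records under _acme-challenge, the AWS credentials it runs with can be limited to record changes in that one hosted zone.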

Here is a dump of the commands used to get from 0 to issuing a certificate with the dns-01 challenge, assuming you already have AWS set up and configured.

git clone https://github.com/lukas2511/letsencrypt.sh.git
cd letsencrypt.sh
curl -o route53.rb https://gist.githubusercontent.com/tache/3b6760784c098c9139c6/raw/33fe6e0791a7d40ce7cdf14019b7d31801d4ab05/hook.rb
chmod +x route53.rb
sudo gem install aws-sdk pry domainatrix awesome_print:1.6.0
./letsencrypt.sh --cron --domain yourdomain.example.com --hook ./route53.rb --challenge dns-01

Conclusion

There are other LE clients out there that are working on implementing DNS support including LEGO and Let’s Encrypt (now called certbot), with more clients adding the additional support and functionality all the time.  I like the letsencrypt.sh script because it is simple, easy to use, and it just works out of the box, with only a few tweaks needed.

As mentioned above, I have a feeling that automated certificates are the future as automation is becoming increasingly more common for these traditionally manual types of administration tasks.  Getting to know how to issue certificates automatically and learning how to use the tooling to create them is a great skill to have for any DevOps or operations person moving forward.


My take on the NoOps movement

I recently attended DevOps Days Portland, where Kelsey Hightower gave a nice keynote about NoOps.  I had heard of the term NoOps in passing before the conference but never really thought much about it or its implications. Kelsey’s talk started to get me thinking more and more about the idea and what it means to the DevOps world.

For those of you who aren’t familiar, NoOps is a newer tech buzzword that has emerged to describe the concept that an IT environment can become so automated and abstracted from the underlying infrastructure that there is no need for a dedicated team to manage software in-house.

Obviously the term NoOps has caused some friction between the development world and operations/DevOps world because of its perceived meaning along with a very controversial article entitled “I Don’t Want DevOps.  I Want NoOps.” that kicked the whole movement off and sparked the original debate back in 2011.  The main argument from people who work in operations is that there will always be servers running somewhere; as a developer you can’t just magically make servers go away, which I agree with 100%.  It is incredibly shortsighted to assume that any environment can work in a way where operations in some form need not exist.

Interestingly though, if you dig into the goals and underlying meaning of NoOps, they are actually fairly reasonable to me when boiled down.  Here are just a few of them, borrowed from the article and Kelsey’s talk:

  • Improve the process of deploying apps
  • Not just VMs, release management as well
  • Developers don’t want to deal with operations
  • Developers don’t care about hardware

All of these goals seem reasonable to me as an operations person, especially not having to work with developers.  Therefore, when I look at NoOps I don’t necessarily take the ACTUAL underlying meaning of it to be to work against operations and DevOps; I look at it as developers trying to find a better way to get their jobs done, however misguided their wording and mindset.  I also see NoOps, from an operations perspective, as a shift in the mindset of how to accomplish goals, to improve processes and pipelines, which is something that is very familiar to people who have worked in DevOps.

Because of this perspective, I see an evolution in the way that operations and DevOps works that takes the best ideas from NoOps and applies them in practical ways.  Ultimately, operations people want to be just as productive as developers and NoOps seems like a good set of ideas to get on the same page.

To be able to incorporate ideas from NoOps as cloud and distributed technologies continue to advance, operations folks need to embrace the idea of programming and automation in areas that have been traditionally managed manually as part of the day to day by operations folks in order to abstract away complicated infrastructure and make it easier for developers to accomplish their goals. Examples of these types of things may include automatically provisioning networks and VLANs or issuing and deploying certificates by clicking a button.  As more of the infrastructure gets abstracted away, it is important for operations to be able to automate these tasks.

If anything, I think NoOps makes sense as a concept for improving the lives of both developers and operations, which is one facet that DevOps aims to help solve.  So to me, the goals of NoOps are a good thing, even though there has been a lot of stigma about it.  Just to reiterate, I think it is absurd for anybody to say that jobs of operations will be going away anytime soon; the job and responsibilities are just evolving to fit the direction other areas of the business are moving.  If anything, the skills of managing cloud infrastructure, automation and building robust systems will be in higher demand.

As an operations/DevOps person just remember to stay curious and always keep working on improving your skill set.
