ds106.club SSL Notes

Whenever I have some downtime I inevitably end up playing with one of the many silly sites I have accumulated over time. This morning it was the throwback Apache server ds106.club. If the logs are correct, I return to it once every two years or so to make sure the domain didn’t lapse and/or the server didn’t go down. As I checked in on it this morning I noticed the site was not loading over https, which set me down a path which ends with this post 🙂

The site is running on a VPS with Ubuntu 16.04 installed, which is getting a bit long in the tooth. When I tried to follow these instructions to issue a new Let’sEncrypt certificate, I  got an error that the PPA had been deprecated. You can see all the details through the URL they provide.

Turns out you need to install and use Snap to get the Let’s Encrypt certbot installed on your VPS, so that was what I did. It wasn’t already installed on my VPS, so I ran the following commands to get Snap installed:

sudo apt-get update
sudo apt-get install snapd

After that I needed to run the following commands to make sure Snap was up-to-date:

sudo snap install core
sudo snap refresh core

Turns out that my server needed the fuse package for Ubuntu to be installed, so I did that with the following command:

sudo apt-get install -y fuse

It was also recommended to remove any previous certbot certificates, so I ran this command for that:

sudo apt-get remove certbot

After that I was ready to install the certbot:

sudo snap install --classic certbot

But when I ran the above command I got an error that the snap command “cannot communicate with server.” After finding a similar issue someone else had, it turns out you need to make sure snap is running.

I checked the status:

systemctl status snapd.service

It wasn’t running, so I used this command to start it:

systemctl start snapd.service

After that I re-ran the install certbot command:

sudo snap install --classic certbot

It worked, and the following command makes sure the cert will run correctly:

sudo ln -s /snap/bin/certbot /usr/bin/certbot

And finally ran the command to issue the certificate:

sudo certbot --apache

After that you want to confirm the certificate will update automatically with this command:

sudo certbot renew --dry-run

So, ds106.club is now loading securely over https, not that anyone would notice or care but me. I like tinkering on small, zero-priority sites because they allow me to figure stuff out without any repercussions if things go wrong. For example, during my troubleshooting I decided to clone the environment and redeployed Ubuntu 18 to see if that would solve my Snap issues, but that over-wrote all my files—so I trashed the original environment and worked on manually installing Snap on the clone. Having a quick clone tool in Reclaim Cloud and a bit of freedom to experiment and destroy stuff that I can immediately get back up and running by pointing to a new IP address makes all the difference for this kind of work, especially when you are always on the cusp of your understanding like me.

This entry was posted in Reclaim Cloud, sysadmin and tagged , , . Bookmark the permalink.

5 Responses to ds106.club SSL Notes

  1. John says:

    Hi Jim,
    Someone would notice & care;-) I log on to the club once every year or so. Just fixed a couple of http references to https. I still wonder if the tilde environment would make a good place to run a ds106 course.
    It is also a good tinkering place.

    • Reverend says:

      Yeah, I lpve the idea of running a ds106 course in an apache server. I wonder if you and I don’t do that as an open Reclaim EdTech Flex Course together? Could be fun and we can fund the experiment, what say you? I love the idea of playing here, and if you are in cleanup mode I noticed a few GIFs from your beautiful prisoner site that might need re-embedding….wait where are your Prisoner Wake GIFs? I could have sworn I saw them yesterday? https://ds106.club/~johnjohnston/images/wake01.gif

      Also, going to your page I noticed you are “blogging” on ds106.club, which is ridiculously awesome, we need to chat more about this because it really just takes one other person to make a community!

      We could call the Club “The Village” and re-visit some of the Prisoner stuff and have some fun. I am definitely game because the broader social network communities are really a drag, I want to play and have fun.

  2. john says:

    Hi Jim,
    That sound fun. I don’t really know a lot about this other than some dart experiments!

    The blogging on ds106.club is just editing the index file in nano, but there is a nice bashblog script I have played with on my pi https://pi.johnj.info

    Love to have a chat about this.

    • Reverend says:

      Bash Blog? Who knew! I am ready to play, will reach out for a chat. And never let your role as amateur stopping you from running a ds106 class, in fact that is what the whole thing started as 😉

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.