Update Wikis and Description with new Webfaction Feature about letsencrypt-webfaction HOT 31 CLOSED

WF tier-2 support (shout-out to Sean F!) has told me the following:

The API support for SSL certificates, and accompanying documentation, should be available within the next week or so.

We're also putting the finishing touches on our own automation for LE certificates, which will be managed entirely in our control panel, but I can't commit to a firm ETA for that.

I'll jump on porting this utility to their API as soon as they release it. Until then:

Our official policy is to help customers when they ask us to help :)

I'll make sure the support team continues to install certificates when requested.

Sounds like they'll keep doing the "automatic" email driven installs for the time being.

As a personal note, WF support has been fantastic for me yet again. I'll highly recommend them to anyone!

from letsencrypt-webfaction.

Good news - apparently the API now handles this. There's a new login method and four new API commands create_certificate, delete_certificate, list_certificates, and update_certificate

from letsencrypt-webfaction.

That's awesome! I'll take a look at getting this integrated at some point (hopefully soon). If anyone wants to take a crack at it, feel free.

from letsencrypt-webfaction.

Thank you for your work on this @will-in-wi!

Great to hear WF is working on LE automation.

from letsencrypt-webfaction.

I just pushed version 2.0.0 with Webfaction API support!

I'm closing this ticket. Please open new ones with bug reports or comments.

Thanks all!

from letsencrypt-webfaction.

In case anyone is curious, Chain is the intermediate certs. Full Chain is the intermediate certs and the root cert. Since the root cert is already in all of the browser trust stores, it doesn't matter much. I generally include the root cert just to be on the safe side.

IANASE (I Am Not A Security Expert) 😄

from letsencrypt-webfaction.

Thanks! I'll update the docs as soon as I can figure out how they actually automate LE support… It looks like you still have the manually get an LE cert every 3 months and then manually upload it.

I've filed a support ticket to try and figure out what I'm missing…

from letsencrypt-webfaction.

I'm just trying to understand the whole Lets Encrypt process, so please bear with me here.

Doesn't that just mean that you can basically ditch the last step and used the promised API to register the certificate?

but we’re working to make managing certificates even better over the coming days, with complete documentation, API support, and more.

Until they have the API you could just ask the user to upload the certificate in ~/le_certs to the webfaction control panel.

Is there an easy way to disable the support email? I am in the process of setting up https for my site and would try to use the new workflow.

from letsencrypt-webfaction.

You've nailed the question. I don't know what I need to do to support LE.

Let's Encrypt is all about automation. You should be able to set up certificate issuance once, and then every ~90 days the cert is automatically renewed and installed. If you have to manually upload a new cert every 60-90 days, that'll be a non-starter for me.

When a hosting company implements LE support, this typically means that they allow you to check a box saying "provide a cert for the website" and then the hosting company has a script which will automatically verify, issue, and install the cert. I don't see this integration for WebFaction yet.

Right now, the email workflow automates the process from the user's perspective. If all WebFaction does is introduce an API for automatic installation, then I'll make a new release of this utility which uses that API. However, I'm hoping/expecting that they'll introduce the said checkbox soon, which should allow me to simply EoL this entire utility and provide migration instructions. I'm waiting for things to shake out before investing more dev time.

from letsencrypt-webfaction.

As I was typing the previous message, WF replied with some more info:

The new SSL module in the WebFaction hosting control panel does not support
automated installations of LE certificates yet. We are still working on fully
implementing LE in the control panel.

For now, the certificates can be generated manually with something like your
tool and installed through the control panel without posting a ticket.

We are still working on the complete LE automation, but we don't have a time
frame for it yet.

[snipped…]

There is no API call for this at the time being. We are actively working to
introduce API support for the new control panel module and since this is a
priority, it should be done soon.

from letsencrypt-webfaction.

I see.

Question is, do they still act on tickets asking to install certifcates?

I shot them an email and their response was: look at this cool new feature we built.

from letsencrypt-webfaction.

Ah, if they are not installing certs automatically, then we have more of an issue… I'll ask.

from letsencrypt-webfaction.

For the time being, I added a note that this utility is in flux: 1e6d308

from letsencrypt-webfaction.

I just tried installing the certificates manually using the new workflow, i followed the instructions for django and just replaced --support email with my own.

Webfaction asks for three files: Certificate, Private Key and Intermediates/bundle. What is the last one? Chain or Full Chain?

Also: you need to change the used certificate in the website section of the https site.

from letsencrypt-webfaction.

At the moment, it sounds like they are installing the certificates in response to the email, and then reminding us that they have a self-serve UI now.

I'm waiting to hear more.

from letsencrypt-webfaction.

I'd use Full Chain.

from letsencrypt-webfaction.

Used Chain, works as well :)

from letsencrypt-webfaction.

In my experience they are not installing, just pointing to this: https://blog.webfaction.com/2016/09/manage-ssl-certificates-with-the-control-panel/

from letsencrypt-webfaction.

Not able to take a crack at the code, but happy to help test and document.

from letsencrypt-webfaction.

@will-in-wi any chance youre working on this soon? If not, I would need to code it myself ;)

from letsencrypt-webfaction.

I started some initial work on it, but was waiting for the official API to be released.

I haven't had time to continue yet. I intend to do so (I need it too), but I won't be able to start until Wednesday at the earliest.

from letsencrypt-webfaction.

I've started looking at this. I'm going to work on updating this Ruby app to use the Webfaction API, but if someone knows Python, I'd love to see a Certbot Installer plugin for Webfaction. It looks like it is possible to simply have a plugin that when Certbot renews a cert installs it using the Webfaction API. I spent a little bit trying to make that work, and couldn't. But if anyone else is interested in trying to crack this nut, I'd suggest that plan of attack.

from letsencrypt-webfaction.

First draft: #54

This works for me on my server.

from letsencrypt-webfaction.

Testing is appreciated! I know that this will need more readme work. I've added some migration notes to the changelog.

from letsencrypt-webfaction.

I know Python, but I know nothing about webfaction; just use it for a couple clients at work. What's the need for a Python version of what you've already made in Ruby...?

If this isn't appropriate for discussion in an issue, please do reply by email.

from letsencrypt-webfaction.

@Asday: Certbot has a plugin system that allows you to implement an Installer interface: https://certbot.eff.org/docs/contributing.html#writing-your-own-plugin

The normal installer interfaces will configure Apache and Nginx for you. We just need a new one which uses the Webfaction API to install the cert: https://docs.webfaction.com/xmlrpc-api/apiref.html#certificates

We would then use Certbot with the "webroot" authenticator and this new Webfaction installer.

Certbot is also tricky to install on Webfaction, so that would also need to be figured out.

With that said, I've just updated this app to work with the new API, and Webfaction is working on first party support, so it might not be useful. However, I'd prefer the Certbot solution.

Does this help?

from letsencrypt-webfaction.

Hmm, that does actually sound pretty reasonable to do...

Is certbot that painful to install on WF? I thought they were just CentOS 6 boxes with limited rights.

Now you've updated this to work with the API, when I have some free time at work I'll upgrade the aforementioned client's solution to be automatic, and see about these plugins.

from letsencrypt-webfaction.

I'm not sure about the pain of installing Certbot. My python knowledge is very limited, especially around the ecosystem and the right way of bootstrapping an app. Every Certbot tutorial begins with running a command to install system packages, which I can't do.

I'm guessing that some combination of the developer install guide, WF's custom virtualenv config, and some other magic could get it working.

from letsencrypt-webfaction.

Thanks for the quick work! If any python support is needed, let me know.

What exactly did you update? Did you replace the email to the support with an actual API call?

from letsencrypt-webfaction.

Yes. No more emailing support (or anyone). It simply creates or updates the certificate entry on the server.

from letsencrypt-webfaction.

I would like to try this library for the first time. Do I need to wait for a new release due to WF API changes?

Rubygems.org shows the latest version from Aug. 20th

from letsencrypt-webfaction.