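Notes on obtaining a Let's Encrypt certificate with certbot on openSUSE in Azure, part 2
The last time I wrote about creating a Let's Encrypt certificate with certbot was 2020/9/15.
Certificates are generally issued for 90 days, so I recently received the "Let's Encrypt certificate expiration notice for domain" notification email.
Today's note covers how to obtain the certificate manually.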
OS: openSUSE Leap 15.2 in Azure
DNS provider: gandi.net
First, you will see that the official Let's Encrypt web page has changed how the package is delivered: it is now wrapped in a snap.
You'll need to install snapd and make sure you follow any instructions to enable classic snap support
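The snap installation documentation for openSUSE is as follows
==== Verifying whether the original certbot method can still obtain a certificate ====
Before using the snap method, first verify whether the old certbot command can still obtain a Let's Encrypt certificate.
See the previous article for reference.
Install with the zypper command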
# zypper install python3-certbot
# certbot certonly --manual --preferred-challenges=dns -d ines.tw
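Verified: the certificate can still be obtained.
==== Installing via snap and verifying whether a certificate can be obtained ====
Interim conclusion: using snapd currently runs into an AppArmor problem, so for now I am still using python3-certbot.
Add the repo with the zypper command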
# zypper addrepo --refresh https://download.opensuse.org/repositories/system:/snappy/openSUSE_Leap_15.2 snappy
Adding repository 'snappy' .............................................................................................[done]
Repository 'snappy' successfully added
URI : https://download.opensuse.org/repositories/system:/snappy/openSUSE_Leap_15.2
Enabled : Yes
GPG Check : Yes
Autorefresh : Yes
Priority : 99 (default priority)
Repository priorities are without effect. All enabled repositories share the same priority.
Import the GPG key
# zypper --gpg-auto-import-keys refresh
Retrieving repository 'Debug Repository' metadata ......................................................................[done]
Building repository 'Debug Repository' cache ...........................................................................[done]
Retrieving repository 'Update Repository (Debug)' metadata .............................................................[done]
Building repository 'Update Repository (Debug)' cache ..................................................................[done]
Retrieving repository 'Non-OSS Repository' metadata ....................................................................[done]
Building repository 'Non-OSS Repository' cache .........................................................................[done]
Retrieving repository 'Main Repository' metadata .......................................................................[done]
Building repository 'Main Repository' cache ............................................................................[done]
Retrieving repository 'Source Repository' metadata .....................................................................[done]
Building repository 'Source Repository' cache ..........................................................................[done]
Retrieving repository 'Main Update Repository' metadata ................................................................[done]
Building repository 'Main Update Repository' cache .....................................................................[done]
Retrieving repository 'Update Repository (Non-Oss)' metadata ...........................................................[done]
Building repository 'Update Repository (Non-Oss)' cache ................................................................[done]
Retrieving repository 'snappy' metadata -----------------------------------------------------------------------------------[-]
Automatically importing the following key:
Repository: snappy
Key Name: system:snappy OBS Project <system:snappy@build.opensuse.org>
Key Fingerprint: 4F2FA05B 2C6589C3 FD12055E F7C6E425 ED340235
Key Created: Sat Oct 31 16:59:39 2020
Key Expires: Mon Jan 9 16:59:39 2023
Rpm Name: gpg-pubkey-ed340235-5f9d97fb
Retrieving repository 'snappy' metadata ................................................................................[done]
Building repository 'snappy' cache .....................................................................................[done]
All repositories have been refreshed.
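With --gpg-auto-import-keys, zypper trusts whatever key the repository presents, so the fingerprint printed in the transcript is what can be compared with a value obtained independently of the repository. An added example (not part of the original post) that extracts the imported key from a saved zypper transcript and compares it with a pinned fingerprint; the function names are hypothetical, and the embedded sample is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: compare the key zypper auto-imported with a pinned fingerprint.

# Constructed sample, taken from the key-import notice in the transcript above.
sample_transcript() {
cat <<'EOF'
Automatically importing the following key:
  Repository:       snappy
  Key Name:         system:snappy OBS Project <system:snappy@build.opensuse.org>
  Key Fingerprint:  4F2FA05B 2C6589C3 FD12055E F7C6E425 ED340235
  Rpm Name:         gpg-pubkey-ed340235-5f9d97fb
EOF
}

# Normalise a fingerprint: drop spaces and colons, upper-case the hex digits.
norm_fpr() {
    printf '%s' "$1" | tr -d ' :\t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Print "repo<TAB>fingerprint" for every key-import notice read from stdin.
imported_keys() {
    awk '
        /^[ \t]*Repository:/ {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); repo = $0
        }
        /^[ \t]*Key Fingerprint:/ {
            sub(/^[^:]*:/, ""); gsub(/[ \t\r]/, "")
            print repo "\t" toupper($0)
        }
    '
}

# check_import REPO PINNED_FPR < transcript
# 0 = every key imported for REPO matches the pin, 1 = mismatch,
# 2 = no key import seen for REPO, 3 = pin is not a 40-hex-digit fingerprint
check_import() {
    want=$(norm_fpr "$2")
    case $want in
        ''|*[!0-9A-F]*) return 3 ;;
    esac
    [ "${#want}" -eq 40 ] || return 3
    got=$(imported_keys | awk -F '\t' -v r="$1" '$1 == r { print $2 }')
    [ -n "$got" ] || return 2
    for f in $got; do
        [ "$f" = "$want" ] || return 1
    done
    return 0
}
```

Usage: save the refresh output to a file and run `check_import snappy "<pinned fingerprint>" < refresh.log`; the pinned value has to come from a source other than the repository itself.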
Upgrade package cache
# zypper dup --from snappy
Loading repository data...
Reading installed packages...
Computing distribution upgrade...
Nothing to do.
Install snapd
# zypper install snapd
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following 3 NEW packages are going to be installed:
snapd squashfs system-user-daemon
3 new packages to install.
Overall download size: 15.0 MiB. Already cached: 0 B. After the operation, additional 68.0 MiB will be used.
Continue? [y/n/v/...? shows all options] (y): Y
After installation, the official documentation says: You then need to either reboot, logout/login or source /etc/profile to have /snap/bin added to PATH.
However, I tried it, and # source /etc/profile does not always add /snap/bin to $PATH; logging out and back in is safer.
# systemctl enable --now snapd
This trick is nice: it starts snapd and enables it at boot at the same time; previously I ran these as two separate commands.
# snap install core
error: cannot perform the following tasks:
- Setup snap "core" (10444) security profiles (cannot setup profiles for snap "core": cannot create host snap-confine apparmor configuration: cannot reload snap-confine apparmor profile: cannot load apparmor profiles: exit status 1
apparmor_parser output:
AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.core.10444 in /var/lib/snapd/apparmor/profiles/snap-confine.core.10444 at line 2: Could not open 'tunables/global'
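Installation failed; there is an AppArmor problem.
The official documentation mentions that Tumbleweed requires additionally setting up snapd.apparmor.
On openSUSE Leap 15.2 that command cannot find the service, and snapd is not the primary approach on openSUSE anyway, so I am giving up for now.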
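The snap install error above says the parser could not open the include 'tunables/global' while loading the snap-confine profile. An added example (not part of the original post) that pulls the profile, line number and include name out of such an error and checks whether the include exists under a given base directory; the function names are hypothetical, the sample line is constructed from the error above, and /etc/apparmor.d as the base directory for relative includes is an assumption to confirm on the host.

```shell
#!/bin/sh
# Added example: triage an apparmor_parser "Could not open" include failure.

TAB=$(printf '\t')

# Constructed sample, taken from the snap install error shown above.
sample_error() {
cat <<'EOF'
apparmor_parser output:
AppArmor parser error for /var/lib/snapd/apparmor/profiles/snap-confine.core.10444 in /var/lib/snapd/apparmor/profiles/snap-confine.core.10444 at line 2: Could not open 'tunables/global'
EOF
}

# Read parser output on stdin, print "profile<TAB>line<TAB>include" per error.
parse_include_error() {
    sed -n "s/^AppArmor parser error for \([^ ]*\) in [^ ]* at line \([0-9][0-9]*\): Could not open '\([^']*\)'.*/\1${TAB}\2${TAB}\3/p"
}

# triage BASE_DIR < parser output
# BASE_DIR is where relative includes are looked up (assumed /etc/apparmor.d).
# 0 = every named include is readable under BASE_DIR, 1 = at least one is
# missing, 2 = the input contains no include error.
triage() {
    base=$1
    errs=$(parse_include_error)
    [ -n "$errs" ] || return 2
    rc=0
    while IFS="$TAB" read -r profile line inc; do
        if [ -r "$base/$inc" ]; then
            echo "present: $base/$inc (included at $profile:$line)"
        else
            echo "missing: $base/$inc (included at $profile:$line)"
            rc=1
        fi
    done <<EOF
$errs
EOF
    return $rc
}
```

A "missing" verdict points at the host's AppArmor files rather than at the snap; a "present" verdict means the parser was looking somewhere other than the directory passed in.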
===================
For now I will stick with the python3-certbot approach, unless someday certificates can only be obtained through snapd, in which case I will reconsider :)
~ enjoy it