Obtaining Let’s Encrypt HTTPS SSL Certificate on Windows

Obtaining Let's Encrypt HTTPS SSL Certificate on Windows

Install the .NET Framework version 4.7.2, and then:

Download ACME Windows Client – WACS

To obtain a certificate, run the WACS.exe with the following arguments:

wacs.exe --target manual --host {DOMAIN_NAME} --webroot {PATH_TO_DOMAIN_ROOT_LIKE_C:\zpanel\panel} --emailaddress {EMAIL_ADDR} --accepttos --validation filesystem --store pemfiles --pemfilespath C:\certs

 

Installing the Newest Version of Python 2.7.x on Older Versions of Ubuntu (like 14.04)

Installing the Newest Version of Python 2.7.x on Older Ubuntu Systems

If you need to upgrade to the newest version of Python 2.7.x, and you're running an older distribution (like Ubuntu 14.04), use the following commands to get the latest version (works on Ubuntu 17.04 and older – tested on Ubuntu 14.04):

sudo add-apt-repository ppa:jonathonf/python-2.7
sudo apt-get update
sudo apt-get install python2.7

Then, you'll need to cleanup a few leftover system packages manually before installing the newest version of python-pip.  If you don't do this, you'll run into problems installing some new packages using pip.

sudo rm /usr/lib/python2.7/dist-packages/chardet*.egg-info
sudo rm -r /usr/lib/python2.7/dist-packages/chardet
sudo rm /usr/lib/python2.7/lib-dynload/_hashlib.x86_64-linux-gnu.so

Now, you can download and install the newest version of python-pip:

curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
sudo python get-pip.py

Getting Let's Encrypt Certbot to Work:

First, you'll need to install a few packages that Certbot (the Let's Encrypt client) uses:

sudo pip install requests
sudo pip install hmac

Now, you'll need to delete the EFF directory from the /opt directory to avoid old configuration issues that were used for your older version of python.  Once you cleanup this directory, you'll run certbot again so it can reconfigure itself. 

sudo rm -r /opt/eff.org/
sudo certbot

You're done.

Full list of commands (for quickly doing all of the above):

sudo -i
add-apt-repository ppa:jonathonf/python-2.7
apt-get update
apt-get install python2.7
rm /usr/lib/python2.7/dist-packages/chardet*.egg-info
rm -r /usr/lib/python2.7/dist-packages/chardet
rm /usr/lib/python2.7/lib-dynload/_hashlib.x86_64-linux-gnu.so
mkdir -p /root/Downloads
cd /root/Downloads
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python get-pip.py
pip install requests
pip install hmac
rm -r /opt/eff.org/
certbot

Change the Default Editor to nano in Linux

Use nano as the Default Editor

If you hate vi like I do, you can configure Linux to always default to using the nano editor.

Simply add the following to the bottom of the /etc/bashrc file:

export EDITOR="nano"

Save the file.  nano is now the default editor.  When you use

sudo crontab -e

The nano editor will now be used by default.

Configuring Let’s Encrypt Certbot on CentOS 7 with lighttpd

Configuring Let's Encrypt Certbot on CentOS 7 with lighttpd

Installing Certbot

First, install certbot by using the below commands:

sudo yum -y install epel-release
sudo yum install certbot

certbot is python based program that allows you to request SSL certificates for your domains. 

Request a Certificate

Use the below command to request a certificate (adjust paths and replace the test.com domain as necessary):

sudo certbot certonly --webroot -w /var/www/vhosts/test/httpdocs -d test.com

A certificate has now been stored in /etc/letsencrypt/live.  Create a combined certificate format by using the below command (replacing test.com with your real domain):

/bin/cat /etc/letsencrypt/live/test.com/cert.pem /etc/letsencrypt/live/test.com/privkey.pem > /etc/letsencrypt/live/test.com/custom.pem && /bin/chmod 777 /etc/letsencrypt/live/test.com/custom.pem && /sbin/service lighttpd restart

Certificate Renewal Cronjobs

You may want to create a cronjob to renew the certificate and a cronjob for regenerating the combined format certificate since the underlying certificate file can change (such as when it's renewed):

sudo crontab -e

Insert the below cronjobs:

0 1 * * 1 /usr/bin/certbot renew --quiet
5 1 * * 1 /bin/cat /etc/letsencrypt/live/test.com/cert.pem /etc/letsencrypt/live/test.com/privkey.pem > /etc/letsencrypt/live/test.com/custom.pem && /bin/chmod 777 /etc/letsencrypt/live/test.com/custom.pem && /sbin/service lighttpd restart

Save your crontab configuration. 

Setting Up Lighttpd to Use SSL Certificate

Edit your default-enabled lighttpd configuration file in /etc/lighttpd/vhosts.d to look similar to the following (replacing test.com with your real domain and adjusting various file paths)

$HTTP["host"] == "test.com" {
  var.server_name = "test.com"
  server.name = server_name  server.document-root = vhosts_dir + "/test/httpdocs"
  #accesslog.filename          = vhosts_dir + "/test/log" + "/access.log"
}
$SERVER["socket"] == ":80" {
  server.document-root = vhosts_dir + "/test/httpdocs"
}
$SERVER["socket"] == ":443" {
    ssl.engine           = "enable"
    ssl.pemfile          = "/etc/letsencrypt/live/test.com/custom.pem"
    server.document-root = vhosts_dir + "/test/httpdocs"
    ssl.ca-file = "/etc/letsencrypt/live/test.com/chain.pem" # Root CA
    server.name = "test.com" # Domain Name OR Virtual Host Name
}

Save and restart the lighttpd service.

sudo service lighttpd restart

Congrats, SSL is now available on your domain, and your Let's Encrypt certificate has been configured and will be renewed automatically by your cronjob.

Copying LVM Containers from One Remote Server to Another

Transferring LVM Containers

Before you transfer a KVM container to another machine, create a KVM virtual machine on the target server with the same or larger disk size than the container being transferred. 

You can see a full list of LVM containers by using the below command:

sudo lvdisplay

Copying an LVM Container from the Local Machine to a Remote Server

sudo -i
dd if=/dev/vms/phpdev bs=4096 | pv | ssh root@IPADDRESS_HERE -p SSH_PORT 'dd of=/dev/pool/phpdev bs=4096'

Adjust the above pool paths as necessary since this may vary from server to server. 

Copying an LVM Container from a Remote Machine to the Local Machine

sudo -i
ssh root@IPADDRESS_HERE -p SSH_PORT "dd if=/dev/vms/phpdev bs=4096" | dd of="/dev/vms/phpdev" bs="4096"

Adjust the above pool paths as necessary since this may vary from server to server. 

CentOS 7 – Easiest Way to Configure LVM KVM Pool for Virtual Machines

Configuring LVM in CentOS

When installing CentOS 7, be sure to only partition the hard drive with about 100GB of space for the OS file system itself.  Leave the rest of the drive unpartitioned.  After CentOS has been successfully installed, run gparted via a terminal using the below command:

sudo gparted

Create a new "LVM2 PV" file system based partition on the drive's remaining space like so:

Now, create the LVM volume group by using the below command and replacing /dev/md126p3 with the new partition's path label:

sudo vgcreate vms /dev/md126p3

Now, launch virt-manager by running the below command:

sudo virt-manager

Go to "Edit" –> "Connection Details" –> click on the "Storage" tab.  Click on the "+" icon on the bottom left.  You're now creating a storage pool.  Give it a name like "vms" which is short for virtual machines.  Select "logical: LVM Volume Group" for the type.  Here's a screenshot:

In "Target Path" select the volume group that you created named vms (which you did earlier using the "vgcreate" command).  Do NOT check the "Build Pool" checkbox, and leave the "Source Path" field blank.  Here's a screenshot of what it should look like:

Click on "Finish".  You're done, and you can now create LVM storage containers for your KVM configured pool named vms.

Here's a good LVM KVM Pool guide from RedHat that includes more information (though it's not as simple as following this guide).

Running PolicyKit (pkexec) Commands without Prompting for Authentication

PolicyKit pkexec – Running without Prompting for Authentication

The following guide explains how to configure a pkexec command to run without prompting for authentication.  This is helpful when you want to grant root access to key piece of the system (such as allowing virsh commands from another user when running KVM virtual machines) or just want to run a GUI command as root without having to login or use authentication. 

https://askubuntu.com/questions/383747/how-to-configure-pkexec-to-not-ask-for-password#answer-388660

Or in our own archive in case the above link disappears.

Full Ubuntu Startup Applications Location List

Location of Ubuntu Startup Application Scripts

All Versions of Ubuntu

In all versions of Ubuntu, startup scripts can be configured and run from the following locations:

/etc/init/*.conf – some init scripts
/etc/rc.local – a file that is run by root on system boot (bash scritps and other commands can go in here)
~/.config/autostart – user specific GUI programs that are run once the X11 environment is started
/etc/xdg/autostart – Global GUI programs that are run once the X11 environment is started
@reboot cronjob – cronjob scripts that are executed when the system boots

Ubuntu 16.04 and Later

systemd init scripts in /etc/systemd/system/*.service files
systemd init scripts in /lib/systemd/system/*.service files

DragNDropz Test

Invalid resx File Windows XP Only

Invalid resx File in C# .NET Solution on Windows XP Only

If a c# application you've developed that targets the .NET Framework version 4.0 crashes on Windows XP but does NOT crash on Windows Vista through Windows 10, it is most likely due to an embedded resource issue (in one of the .resx files in the solution).  Upon opening the solution of my problematic program in Visual Studio 2010 on Windows XP, I received an error similar to the following:

Invalid resx file. Command completed successfully. Could not load type...

I fixed the issue by deleting one of my icon (.ico) files from the solution that was 256 x 256 pixels and replaced it with the same icon with a size of 255 x 255 pixels.  While a 256 x 256 pixel icon file is perfectly valid in newer versions of Windows, the maximum size of an .ico file can only be 255 x 255 on Windows XP x86 SP3.  I still target XP machines since I have a Netbook with it that will always be running XP.