setcap equiv for windows? #39

Closed
opened 2020-04-13 17:10:10 +00:00 by Ghost · 5 comments

What is the Windows equivalent command for this?

```sh
sudo setcap 'cap_net_bind_service=+ep' $(which node)
```

This is the only thing I haven't done, but I can't seem to get the challenge_status to accepted; it currently fails/times out with pending ... perhaps because I did not run the command above, since I am on a Windows machine?
Owner

Windows doesn't work that way, so ignore it.

But the reason it's failing for you is likely that either you're using http-01 (the default) and you don't have port-forwarding set up on your router, or that your dns-01 (which you need for Let's Encrypt on localhost) is misconfigured.

coolaj86 changed title from windows equiv? to setcap equiv for windows? 2020-04-13 17:55:35 +00:00
Author

Thank you Solderjs, is there a place to better understand the configuration of http-01 and dns-01, which one I need, and how to configure that in my node/express app? Or did I miss that part... I need it explained to me like I am 5.
Author

So what I did was:

went to greenlock.domains, entered the domain I need a cert for, downloaded the file ... placed the file in my server root /well-known/acme-challenge,

and have this config for my server:

```js
const express = require("express");
// Assumed: the original omitted these; pkg.author comes from package.json
const pkg = require("./package.json");
const greenlock = require("greenlock-express");

const app = express();
// Express setup and routes setup here--

// greenlock-express v4 wraps the app and handles port 80/443 itself
greenlock.init({
    packageRoot: __dirname,
    configDir: "./greenlock.d",
    maintainerEmail: pkg.author,
    cluster: false
}).serve(app);
```

here is my greenlock.d config

```json
{
  "defaults": {
    "store": {
      "module": "greenlock-store-fs"
    },
    "challenges": {
      "http-01": {
        "module": "acme-http-01-standalone"
      }
    },
    "renewOffset": "-45d",
    "renewStagger": "3d",
    "accountKeyType": "EC-P256",
    "serverKeyType": "RSA-2048",
    "subscriberEmail": "REDACTED"
  },
  "sites": [
    {
      "subject": "suasguidebook.ara.com",
      "altnames": [
        "suasguidebook.ara.com"
      ],
      "renewAt": 1
    }
  ]
}
```

I configured my server code yesterday; should I have gone through the steps on my server AFTER I got the challenge installed on my prod server from greenlock.domains?

The verification on greenlock.domains timed out.

Do I need to specifically serve the route path to /well-known?

**Port 80 IS NOT open on my prod server yet**.
Owner

## DNS-01

Unfortunately dns-01 challenges cannot be explained as though you are 5.

You would need to use one of the supported DNS hosts in this list: https://git.rootprojects.org/root/greenlock-express.js#user-content-ready-made-integrations and you'd need to figure out how to get the API key from that DNS host.

## Port 80

You _must_ have port 80 open unless you have something special you need to handle. All traffic on port 80 should be handled by Greenlock.

At the very least `/.well-known/acme-challenge/` (not `/well-known` - missing `.`) _must_ go through to Greenlock. Let's Encrypt cannot work through the default `http-01` without it.

## Manual Certificates

https://greenlock.domains is intended as a test site for non-node users to get 90-day certificates. Although it's possible to put everything in the right directories and have those keys and certs work with Greenlock.js in node, I wouldn't recommend trying.
Owner

Closing because I haven't heard anything else. Let me know if that helped or if you'd like to re-open.

Reference: root/greenlock-express.js#39