No edit summary |
change <source> tag to <syntaxhighlight> |
||
Line 49: | Line 49: | ||
1. Create a secure key for CSR | 1. Create a secure key for CSR | ||
< | <syntaxhighlight lang="bash" highlight="1"> | ||
$ openssl genrsa -des3 -out server.key 2048 | $ openssl genrsa -des3 -out server.key 2048 | ||
Generating RSA private key, 2048 bit long modulus | Generating RSA private key, 2048 bit long modulus | ||
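Review bot: `-des3` in the `openssl genrsa` line protects the new private key with Triple-DES, a legacy cipher. While this block is being touched, consider `-aes256`, which `genrsa` also accepts, so the passphrase-protected key is wrapped with a current cipher.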
Line 57: | Line 57: | ||
Enter pass phrase for server.key: | Enter pass phrase for server.key: | ||
Verifying - Enter pass phrase for server.key: | Verifying - Enter pass phrase for server.key: | ||
</ | </syntaxhighlight> | ||
2. Create an insecure key for CSR sourcing from the secure one | 2. Create an insecure key for CSR sourcing from the secure one | ||
< | <syntaxhighlight lang="bash" highlight="1"> | ||
$ openssl rsa -in server.key -out server.key.insecure | $ openssl rsa -in server.key -out server.key.insecure | ||
Enter pass phrase for server.key: | Enter pass phrase for server.key: | ||
writing RSA key | writing RSA key | ||
</ | </syntaxhighlight> | ||
3. Rename the keys | 3. Rename the keys | ||
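Review bot: step 2 writes `server.key.insecure` as a passphrase-less copy of the private key, and nothing in the visible steps restricts who can read it. Suggest adding a line that sets owner-only permissions on the file (for example `chmod 600 server.key.insecure`), or running the step under `umask 077`, and stating in the step text that this file must be protected like any unencrypted key.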
Line 90: | Line 90: | ||
Download the executable and make it executable. | Download the executable and make it executable. | ||
< | <syntaxhighlight lang="bash" highlight="1,13"> | ||
$ sudo wget https://dl.eff.org/certbot-auto | $ sudo wget https://dl.eff.org/certbot-auto | ||
--2016-06-27 18:36:18-- https://dl.eff.org/certbot-auto | --2016-06-27 18:36:18-- https://dl.eff.org/certbot-auto | ||
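Review bot: the script fetched by `sudo wget https://dl.eff.org/certbot-auto` is made executable for all users and later run with `sudo`, but the visible lines show no integrity check between download and execution. Suggest adding a verification step (signature or published checksum) before the `chmod`, and dropping `sudo` from the `wget` itself unless the target directory requires it.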
Line 104: | Line 104: | ||
$ sudo chmod a+x certbot-auto | $ sudo chmod a+x certbot-auto | ||
</ | </syntaxhighlight> | ||
I prefer to have this type of executable in <span class="path">/usr/local/bin/</span> folder. It will make it available for other users as well as make it easy add as a cronjob. The ownership is already correct if you used <code>sudo</code>. | I prefer to have this type of executable in <span class="path">/usr/local/bin/</span> folder. It will make it available for other users as well as make it easy add as a cronjob. The ownership is already correct if you used <code>sudo</code>. | ||
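Review bot: the context paragraph after the closing tag reads "make it easy add as a cronjob"; since the block is being edited anyway, fix it to "make it easy to add as a cron job". The same sentence says the file becomes available to other users, so it is worth stating that it should stay root-owned and not writable by group or others, since it will be run from root's crontab.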
Line 116: | Line 116: | ||
After the initial installation, if you need to add more domains you can do it directly from the CLI. | After the initial installation, if you need to add more domains you can do it directly from the CLI. | ||
< | <syntaxhighlight lang="bash"> | ||
$ sudo certbot-auto run --apache -d mydomain.net | $ sudo certbot-auto run --apache -d mydomain.net | ||
</ | </syntaxhighlight> | ||
=== Configuring to auto-renew certificate === | === Configuring to auto-renew certificate === | ||
Line 130: | Line 130: | ||
Use crontab to update the cron jobs, and add the above line. | Use crontab to update the cron jobs, and add the above line. | ||
< | <syntaxhighlight lang="bash"> | ||
$ sudo crontab -e | $ sudo crontab -e | ||
</ | </syntaxhighlight> | ||
=== Adding multiple domain names for a certificate === | === Adding multiple domain names for a certificate === | ||
Line 138: | Line 138: | ||
You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself. | You can use one certificate for multiple domains. The certificate is generated, but you need to install it yourself. | ||
< | <syntaxhighlight lang="bash" highlight="1"> | ||
$ certbot-auto certonly --webroot -w /srv/www/mysite.com/ -d www.mysite.com -d mysite.com -w /srv/www/blog.mysite.com/ -d blog.mysite.com | $ certbot-auto certonly --webroot -w /srv/www/mysite.com/ -d www.mysite.com -d mysite.com -w /srv/www/blog.mysite.com/ -d blog.mysite.com | ||
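Review bot: the `certbot-auto certonly --webroot ...` line is run without `sudo`, while the `certbot-auto run --apache` example earlier on the page uses `sudo certbot-auto`. The page should be consistent about which privileges the command needs; either add `sudo` here or say why it is not required for `certonly`.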
Line 152: | Line 152: | ||
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate | ||
Donating to EFF: https://eff.org/donate-le | Donating to EFF: https://eff.org/donate-le | ||
</ | </syntaxhighlight> | ||
= Miscellaneous = | = Miscellaneous = | ||
Line 164: | Line 164: | ||
If you try to '''create a blank file''', | If you try to '''create a blank file''', | ||
< | <syntaxhighlight lang="bash"> | ||
$ touch forcefsck | $ touch forcefsck | ||
touch: cannot touch 'forcefsck': No space left on device | touch: cannot touch 'forcefsck': No space left on device | ||
</ | </syntaxhighlight> | ||
you get a report back saying there is no space left on device. However, when you '''check the disk space''': | you get a report back saying there is no space left on device. However, when you '''check the disk space''': | ||
< | <syntaxhighlight lang="bash"> | ||
$ df -h | $ df -h | ||
Filesystem Size Used Avail Use% Mounted on | Filesystem Size Used Avail Use% Mounted on | ||
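Review bot: `lang="bash"` on the `touch` and `df -h` blocks is applied to terminal transcripts (a `$` prompt followed by program output), so the Bash lexer will colour output such as the `touch: cannot touch` error as if it were shell code. Pygments' `console` lexer is meant for prompt-plus-output sessions; consider `lang="console"` for these blocks and for the other transcript blocks this edit converts.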
Line 179: | Line 179: | ||
none 5.0M 0 5.0M 0% /run/lock | none 5.0M 0 5.0M 0% /run/lock | ||
none 7.9G 140K 7.9G 1% /run/shm | none 7.9G 140K 7.9G 1% /run/shm | ||
</ | </syntaxhighlight> | ||
There is still 58% of disk space left, so something else is wrong. After googling about this, it turns out that my inode was running out. To '''check the number of inodes''': | There is still 58% of disk space left, so something else is wrong. After googling about this, it turns out that my inode was running out. To '''check the number of inodes''': | ||
< | <syntaxhighlight lang="bash"> | ||
$ df -i | $ df -i | ||
Filesystem Inodes IUsed IFree IUse% Mounted on | Filesystem Inodes IUsed IFree IUse% Mounted on | ||
Line 191: | Line 191: | ||
none 2052885 2 2052883 1% /run/lock | none 2052885 2 2052883 1% /run/lock | ||
none 2052885 47 2052838 1% /run/shm | none 2052885 47 2052838 1% /run/shm | ||
</ | </syntaxhighlight> | ||
''inode'' stands for index node, which is an index for a file/folder/device/etc. in the Unix file system scheme. | ''inode'' stands for index node, which is an index for a file/folder/device/etc. in the Unix file system scheme. | ||
Line 197: | Line 197: | ||
To '''find out which folder is causing this massive hemorrhage of inodes''': | To '''find out which folder is causing this massive hemorrhage of inodes''': | ||
< | <syntaxhighlight lang="bash"> | ||
$ sudo -s | $ sudo -s | ||
Line 223: | Line 223: | ||
1402 | 1402 | ||
(...) | (...) | ||
</ | </syntaxhighlight> | ||
It looks like there is a lot of inodes in /var for some reason, now we need to narrow down to a specific directory: | It looks like there is a lot of inodes in /var for some reason, now we need to narrow down to a specific directory: | ||
< | <syntaxhighlight lang="bash"> | ||
$ for i in ./* ; do echo $i; find $i -type f | wc -l; done | $ for i in ./* ; do echo $i; find $i -type f | wc -l; done | ||
(...) | (...) | ||
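Review bot: in `for i in ./* ; do echo $i; find $i -type f | wc -l; done` the variable is unquoted, so a directory name containing spaces or glob characters is split or expanded and the counts come out wrong, and a name beginning with `-` would be read by `find` as an option. Suggest `echo "$i"; find "$i" -type f | wc -l`. Since the surrounding text is about inode exhaustion, it is also worth noting that `-type f` counts only regular files, while directories and symlinks consume inodes too.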
Line 251: | Line 251: | ||
1 | 1 | ||
(...) | (...) | ||
</ | </syntaxhighlight> | ||
You can check the number of files in any directory by issuing '''ls -l | wc -l''' but I couldn't even do this because there were millions of files that have accumulated over a year. These files had accumulated because PHP isn't doing the garbage collection. Your session.gc_probability may be set to 0. Change it to 1. | You can check the number of files in any directory by issuing '''ls -l | wc -l''' but I couldn't even do this because there were millions of files that have accumulated over a year. These files had accumulated because PHP isn't doing the garbage collection. Your session.gc_probability may be set to 0. Change it to 1. | ||
< | <syntaxhighlight lang="bash"> | ||
$ /usr/lib/php5/maxlifetime | $ /usr/lib/php5/maxlifetime | ||
24 | 24 | ||
</ | </syntaxhighlight> | ||
It's 24 minutes. Now, here is the command to delete all of the older files. | It's 24 minutes. Now, here is the command to delete all of the older files. | ||
< | <syntaxhighlight lang="bash"> | ||
$ find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 -exec rm {} \; | $ find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 -exec rm {} \; | ||
</ | </syntaxhighlight> | ||
This isn't necessary if you have the garbage collection enabled from the PHP configuration, but here is a cron job to run every hour as a root if this isn't caused by PHP. | This isn't necessary if you have the garbage collection enabled from the PHP configuration, but here is a cron job to run every hour as a root if this isn't caused by PHP. | ||
< | <syntaxhighlight lang="bash"> | ||
$ crontab -e | $ crontab -e | ||
0 /usr/bin/find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 -exec /bin/rm {} \; | 0 /usr/bin/find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 -exec /bin/rm {} \; | ||
</ | </syntaxhighlight> | ||
===References=== | ===References=== | ||
http://pim.famnit.upr.si/blog/index.php?/archives/172-Running-out-of-inodes,-no-space-left-on-device,-php-not-cleaning-sessions.html (accessed on July 30, 2012) | http://pim.famnit.upr.si/blog/index.php?/archives/172-Running-out-of-inodes,-no-space-left-on-device,-php-not-cleaning-sessions.html (accessed on July 30, 2012) |
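Review bot: the crontab entry `0 /usr/bin/find /var/lib/php5/ ...` has a single `0` where cron expects five time fields, so as written it does not describe an hourly job; the hourly form is `0 * * * *` followed by the command. If the asterisks were in the wikitext, check that the new `<syntaxhighlight>` block renders them. Two smaller points in the same hunk: the text says the job runs as root but the command shown is `crontab -e` without `sudo`, and `-print0 -exec /bin/rm {} \;` starts one `rm` per file and sends NUL-separated names to cron's mail output, so with millions of session files `-delete` (and no `-print0`) would be the better fit.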