Author: kevin

Posted on

Creating and renewing Let’s Encrypt SSL certificates with certbot

After purchasing SSL certs for many years for my personal project websites, I recently switched to creating free Let’s Encrypt certs using CertBot instead.

To install with python and pip on Debian based Linux, for nginx (from here):

Install deps and install:

sudo apt install python3 python3-dev python3-venv libaugeas-dev gcc
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip

sudo /opt/certbot/bin/pip install certbot certbot-nginx
sudo ln -s /opt/certbot/bin/certbot /usr/local/bin/certbot

    To generate certificate and renew manually (same command):

    sudo certbot certonly -v --reinstall --webroot --webroot-path=/var/www/html/ --email your@email --agree-tos --no-eff-email -d your.domain.name

    To view current status of your certificates:

    certbot certificates
    Posted on

    GitLab Runner building Docker image is out of space

    #10 2.041 Warning: More space needed than available: 490 kB > 0 B, installation may fail
    #10 2.041 Error: You don't have enough free space in /var/cache/apt/archives/.

    Checking /var/lib/docker, it is indeed low on space:

    $ sudo du -sh /var/lib/docker
    2.0M /var/lib/docker

    Cleaned up some free space with:

    docker system prune --all --force

    Reclaimed an additional 5GB, all good.

    Posted on

    base64 encoding Kubernetes Secrets includes newline char when exported as an env variable (if you don’t use -n option with echo)

    I’m deploying an app to Kubernetes that references a Kubernetes Secret that is exported as an env var on the pod. I couldn’t work out why I kept getting this error when the pod was starting up:

    FATAL: password authentication failed for user "admin"

    but if I exec’d into the pod to check the value of the env var, it was the correct value that I expected.

    Eventually I did stumble across this clue – ‘printenv’ inside the pod shows:

    DB_PASSWORD=[value here]

KUBERNETES_SERVICE_PORT_HTTPS=443
[... other values here]

    Between DB_PASSWORD and the next value there’s a blank line, followed by a long list of other env var values, with no other blank lines.

    From this question, the issue is how I originally encoded the base64 value with:

    echo your-value-here | base64

    which is not the same as:

    echo -n your-value-here | base64

    echo apparently includes a newline by default, so you need to use it as above with the -n option

    Proudly powered by WordPress