Categories
Programming Writing

The Zone

Have I ever been here? Probably. I cannot recall a specific time I have been fully “In the Zone” as it were, but I know that I was close a week or two ago while working on finalizing a project for work.

https://dopeboy.github.io/in-the-zone/

Based on Manish Sinha’s definition of this state of mind, I cannot actually say that I have been 100% disconnected, with my hands on autopilot and my brain in full-logic mode. There is always some portion of me weighing this or that, examining bits of code to figure out problems, that sort of thing. It’s not really a zen experience where I am “one with the code.”

Categories
Programming Web

Super Duper Status Update

It works! I was a bit annoyed that the WordPress Atom feed was only XML-based. However, I do consider myself pretty good at googling things, and so I found this PHP library called “SimpleXML”, which solved a LOT of stuff for me.

I used to display the first five Blogger titles on the homepage in a simple list with links.

Categories
Computer Programming Web

Manual letsEncrypt for CPanel


At work I recently collaborated with our hosting provider to move our company website to a version of cPanel. Up until this time, there has been no way of running our site on SSL/TLS, and it’s been quite frustrating, having discovered LetsEncrypt and its ease of use. Basically, with this certificate signer, I have no reason to actually figure out the handshaking and signing process as was required in old command-line versions of SSL.

Well, our hosting provider’s version of cPanel has not really been expanded to allow for LetsEncrypt, even though multiple people on the cPanel forums say there’s a plugin available. Seems they don’t mind forcing me to pay another fee on top of everything to get an annual signature from the two default signers they had enabled in the system.

This made me wonder. Certbot, which generates the certificates and private keys and runs the signing requests automatically, always talked about a “certonly” option, and on their website I see instructions for a “manual” option as well. I thought this might be exactly what I was looking for, since my scenario is this: I have a website on a host that does not have LetsEncrypt enabled, but does allow me to upload certificates and keys from an offline source.

Here is my process of installing a LetsEncrypt SSL/TLS DV certificate on a cPanel site not equipped to generate one automatically.

Create a new certificate with any subdomains we’d need using: certbot certonly -d c-pwr.com,www.c-pwr.com --manual

Certbot warns you that the IP address of the computer you’re generating the certificate on will be shared with them, even though it’s not the server on which the cert will be installed in the end. Type Y.

Without any “challenges” option in the original command, certbot assumes you’re using the acme challenge which involves uploading a text file to your site. Using cPanel’s file manager I simply do this.

Once the first file in acme-challenges is created, certbot asks us to create another file in the same place with a different string as its contents.

Once both files are created and saved to this location, we probably should verify that the URLs certbot is pointing to are actually visible from the public web.

Knowing that I can access the challenge files from my browser, I assume certbot will also be able to access them, presumably from a curl command or something, so I let it continue.

If we get the standard certbot success message, we now see that it’s created our certificate, chain and private key files in certbot’s standard location. (I’m using the PPA repository through aptitude, so certbot automatically installs the latest versions of my certificates to /etc/letsencrypt/live/c-pwr.com/, which are actually symbolic links to /etc/letsencrypt/archive/c-pwr.com/, as every time we renew, it will archive the old files and create new ones.)

I now can copy the contents of both /etc/letsencrypt/live/c-pwr.com/cert.pem and /etc/letsencrypt/live/c-pwr.com/privkey.pem up to cPanel in their SSL interface.

After this, I head over to the Manage SSL Sites tool and install this certificate as-is. It automatically detects the domains I specified in the original certbot command and applies the certificate to them.

Renewal

At this point, I have no idea how the renew will work. Since LetsEncrypt issues certificate signatures for only 3 months, this will become an issue sometime in August. I HOPE the acme-challenges will remain the same, but if they don’t, it should be a simple task to recreate the files as above, then copy the files in manually, assuming certificates and private keys can be edited once created in cPanel.

Renewing is super simple, but with this method must be run differently from an automated certbot renew.

  1. Run certbot certonly -d c-pwr.com,www.c-pwr.com --manual again.
  2. I am asked to create new acme challenges on the webserver which I did.
  3. Since the cert already existed in the /etc/letsencrypt/live, it detected this as a renew, and did not prompt me to upload certificates a second time!!
  4. I logged into cPanel and created two text docs in the File Manager as instructed, hit enter in my local server command line and it did everything from there.
  5. 2018-08-01: I forgot that I also need to update and re-copy cert.pem and privkey.pem to CPanel SSL/TLS Status in order for it to actually update, as cPanel just emailed and said my cert was expiring in ten days.
    • cPanel > SSL/TLS > Install and Manage (Manage SSL Sites)
    • Scroll down and select the old domain in the dropdown.
    • sudo cat /etc/letsencrypt/live/c-pwr.com/cert.pem
    • sudo cat /etc/letsencrypt/live/c-pwr.com/privkey.pem
    • Copy the certificate and private key text to the crt and key fields in cPanel.
    • Click Install Certificate.
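
The checks behind step 5 as a script, an added example that is not part of the original post: it confirms that cert.pem and privkey.pem are a matching pair, that the local certificate is not within ten days of expiry, and that the site is already serving it. It assumes the openssl command-line tool is installed; the function names are made up for this example.

```sh
#!/bin/sh
# Added example: checks to run after a manual renewal, before and after
# pasting cert.pem and privkey.pem into cPanel. Function names are this
# example's own; paths and host names are the ones used on the page.

# True when the certificate and the private key hold the same public key.
# Returns 2 when either file cannot be read, so a typo never looks like a match.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when the certificate expires within $2 days (or cannot be read).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# SHA-256 fingerprint of a certificate file.
local_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# SHA-256 fingerprint of the certificate host $1 serves on port 443.
served_fingerprint() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null
}

# usage: check_renewal /etc/letsencrypt/live/c-pwr.com c-pwr.com
check_renewal() {
    pair_matches "$1/cert.pem" "$1/privkey.pem" ||
        { echo "cert.pem and privkey.pem do not belong together"; return 1; }
    if expires_within "$1/cert.pem" 10; then
        echo "local cert.pem expires within 10 days: renew first"; return 1
    fi
    served=$(served_fingerprint "$2") || served=""
    if [ "$served" != "$(local_fingerprint "$1/cert.pem")" ]; then
        echo "$2 serves a different certificate: re-copy both files to cPanel"
        return 1
    fi
    echo "$2 serves the renewed certificate"
}

# Run only when called with both arguments (needs read access to privkey.pem).
if [ "$#" -eq 2 ]; then check_renewal "$1" "$2"; fi
```

Run it once before pasting (the first two checks) and again after clicking Install Certificate, when the last check should pass.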

Additionally, I needed to manually set up my .htaccess file to redirect any http requests to the https version. This is usually done automatically by certbot during an automatic installation, and is embedded in the /etc/apache2/sites-available/000-default.conf file, but since I don’t have access to this, .htaccess will have to do.

Categories
Computer Programming Web

A Fun Adventure in PGP

So I got curious about PGP keys and signing and encrypting using them. I managed to figure out how to use the semi-popular gpg4win (the standard Windows port of GnuPG) with its built-in Kleopatra GUI, Outlook add-ins and all the other fun stuff.

Categories
Life Programming

That’s a lot of code I’ve “example’d”

Not to say it isn’t useful. I certainly hope it is.

Oh and it’s that time of year where I switch out blogger templates. Maybe this time I’ll make it more straightforward and automated. Maybe.

Which reminds me: this is the first year that my MUSH will be auto-deploying its Christmas theme. Pretty excited for that!

Anyway, that’s all for now.

Categories
Computer Programming

LetsEncrypt List of Useful Commands

Here are a few letsencrypt commands that I’ve found useful in the past few months of trying it out.

Categories
Computer Programming

Typecasting struct to char* for Idiots Like Me

Want to cast from a struct to a character string? Seen all those posts out there suggesting that reinterpret_cast will work, but is unsafe? Yeah, I tried it. Yeah, it’s unsafe.

Categories
Computer Programming

Embarcadero TThread Works Just Fine

I’ve been annoyed for a large amount of time (years in fact) over some of our software we use and sell. In essence, what we have is a TCP GUI that communicates on a 250ms timer with a microcontroller that’s serving up a two-way communications protocol over ModBus FC23 – we send commands either to write data to or read data from the unit.

Categories
Computer Programming Web

PHP Access Control List

A quick little Access Control List (ACL) snippet I made for PHP/HTML. Enjoy!

<?php

$acl = array(
    // Populate with IP/Subnet Mask pairs.
    // Any zero bit in the subnet mask acts as a wildcard in the IP address check.
    array("192.168.10.24","255.255.255.255"),
);

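// ip2long() returns false for anything that is not a dotted-quad IPv4
// address (IPv6 clients included); such clients are never allowed.
$remote = ip2long($_SERVER['REMOTE_ADDR']);

$acl_allow = false;
for ($i = 0; $remote !== false && $i < count($acl); $i++) {
    $mask = ip2long($acl[$i][1]);
    $ip2chk = (ip2long($acl[$i][0]) & $mask);

    // Mask both sides: comparing against $ip2chk alone would also accept
    // any address that merely has the same bits set (e.g. 192.168.10.25).
    if (($remote & $mask) == $ip2chk) {
        $acl_allow=true;
    }
}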

if ($acl_allow) {
    // Put all test stuff here!! Only visible to ACL.
    phpInfo();
} else {
    echo "<a href='http://this-page-intentionally-left-blank.org/whythat.html' target='_blank'>This page intentionally left blank.</a>";
}

?>

 

Categories
Programming School

Integer Math – Converting to Binary

Yes, I realize this is a beginning digital logic concept, but I need somewhere to write this so I don’t forget again.