Categories
Binary World npw.net

Let’s Encrypt continued

The first certificate I’ve ordered during the closed beta phase has been replaced now. HPKP is enabled again. With the standard Let’s Encrypt (LE) procedure, a new private key is generated every time a new certificate is issued.

In order to be able to enable HPKP again, you either need to use the standard LE client with a previously created CSR or use some other client.

With the LE client, that would mean: letsencrypt-auto certonly -a manual --csr {csr} as outlined in an article by Thomas Leister (in German).

One very nice alternative client is acme-tiny. I’ve decided to follow that route. It’s quite nicely outlined in a post by Scott Helme.
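An added example, not taken from the original post or from the clients it mentions: the HPKP pin is a hash of the public key, so every certificate issued from one CSR carries the same pin, while a certificate for a freshly generated key does not. The file names, `example.test`, the `max-age` value and the self-signing `issue` helper that stands in for the CA are assumptions made so the script runs offline.

```shell
#!/usr/bin/env bash
set -eu

# HPKP pin format: base64(SHA-256(DER SubjectPublicKeyInfo)); PEM public key on stdin.
spki_pin() { openssl pkey -pubin -outform DER | openssl dgst -sha256 -binary | openssl base64 -A; }

pin_from_key()  { openssl pkey -in "$1" -pubout | spki_pin; }
pin_from_csr()  { openssl req  -in "$1" -noout -pubkey | spki_pin; }
pin_from_cert() { openssl x509 -in "$1" -noout -pubkey | spki_pin; }

new_key() { openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null; }
new_csr() { openssl req -new -key "$1" -subj "/CN=example.test" -out "$2"; }

# Assumption: self-signing stands in for the CA issuing a certificate from the CSR.
issue() { openssl x509 -req -in "$1" -signkey "$2" -days 90 -out "$3" 2>/dev/null; }

demo() {
  d=$(mktemp -d)
  new_key "$d/site.key";   new_csr "$d/site.key" "$d/site.csr"   # created once, kept
  new_key "$d/backup.key"                                       # backup pin (RFC 7469 requires one)
  pin=$(pin_from_csr "$d/site.csr")

  issue "$d/site.csr" "$d/site.key" "$d/cert1.pem"               # first issuance
  issue "$d/site.csr" "$d/site.key" "$d/cert2.pem"               # renewal from the same CSR

  # Renewal where the client generated a new key, as in the default procedure.
  new_key "$d/fresh.key";  new_csr "$d/fresh.key" "$d/fresh.csr"
  issue "$d/fresh.csr" "$d/fresh.key" "$d/cert3.pem"

  for c in cert1 cert2 cert3; do
    if [ "$(pin_from_cert "$d/$c.pem")" = "$pin" ]; then
      echo "$c: pin matches the published header"
    else
      echo "$c: pin mismatch, pinned browsers would reject this certificate"
    fi
  done

  # Constructed header value; max-age is a sample, not a recommendation from the post.
  printf 'Public-Key-Pins: pin-sha256="%s"; pin-sha256="%s"; max-age=5184000\n' \
    "$pin" "$(pin_from_key "$d/backup.key")"
  rm -rf "$d"
}

demo
```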

I still haven’t established a proper key turnover procedure for standard TLS certificates and for DNSSEC (where the key registration with the TLD is the most challenging and time-intensive task, depending on your provider). That’s some project for rainy, boring

Categories
Binary World npw.net

Let’s Encrypt

The first production Let’s Encrypt certificate is issued and installed on baer.one. HTTP/2 is also enabled, thanks to nghttpx. Works like a charm :)

I’ll try to post some config settings for nghttpx and also Let’s Encrypt, but that’s a really straightforward task (if no servers are listening on ports 80 and 443).

Categories
Binary World Excitements npw.net Work

LXC Scripts for Ubuntu Lucid

In his blog, Nigel McNie provides a nice hands-on introduction to LXC. Along with this, he provides us with a set of scripts that do the work quite nicely. I cloned that repository and added a script for Ubuntu Lucid. It’s quite handy to me, supposedly also for somebody else out there?

A git repository is available at GitHub: http://github.com/phbaer/lxc-tools

Categories
Binary World Excitements npw.net Private

Gallery Moved

I finally decided to move my gallery to a (more specialised) service provider. Maybe you already noticed the new naming scheme. Even though Menalto Gallery is a great piece of software, I wanted to have an easy-to-use, safe solution that does not require manual software updates or upgrades to be installed. I’m getting lazy, I know :)

So, the new gallery is still reachable via http://phbaer.net/gallery/ but it will be redirected to http://photos.phbaer.net/. Unfortunately, SmugMug offers no secured connections to the user galleries. You will further need to enable JavaScript, just in case you deactivated it.

Please do not be alarmed by the new domain name or missing capabilities of the new service. I hope you still enjoy browsing through my collection and do not hesitate to comment or rate the pictures! :)

Categories
npw.net Uncategorized

Backup-Server-Crash

Presumably due to an SSM bug in the Linux kernel, the backup npw.net server crashed some days ago. Since my ISP is about 500 km from here, I had to wait until Monday for my provider to restart the server. Now it is up again. The following message was logged to syslog:

Jul 18 08:39:20 localhost sm-mta[30237]: rejecting connections on daemon MTA-v6: load average: 978

Quite a high load, isn’t it? :)