Drupal 8 and Let's Encrypt

Andi Northrop's picture

Hi there,

I'm a newbie to Turnkey and currently starting work on a Drupal 8 project where I also plan to use Let's Encrypt.

I got the LAMP stack all set up for a test and D8 installed on it but wondered if you had a rough timescale for when Turnkey 14.2 might be seeing the light as I gather that it will support both D8 and LE?

Thanks guys, this is a great product.

Jeremy Davis's picture

I hope to be building Core v14.2 later this week, or early next week at the latest. Once we have done some testing with Core and proven that everything is 100% good, then we'll build a batch of other appliances as v14.2. LAMP and Drupal8 should be in the first batch.

It will have support for Let's Encrypt (a single domain and up to 4 sub domains) baked in. That will be accessible via our commandline confconsole.

Andi Northrop's picture

Thanks! That's really good news, much appreciated.

Jeremy Davis's picture

As a brief update, we have now built Core v14.2 ISO. We haven't yet publicly released it, but it is on our mirror for any that are particularly keen to test it out. We are currently working on the alternate builds (i.e. OVA, VMDK, Proxmox container, Xen, EC2, etc) and doing some final testing.

I'm still hopeful that Core will be released this week but I can't guarantee it (and it's quite likely it won't be until next week).

Andi Northrop's picture

Cheers!

Jeremy's picture

v14.2 is now live! Next on the agenda is the first batch of appliances. Hopefully we should have them ready for release in about a week. No promises, but Drupal 8 should be among them.

In the meantime, if you'd like to update confconsole so you can easily use Let's Encrypt certificates, please have a look at the docs. It should be pretty straightforward.

Andi Northrop's picture

Thanks, tried updating confconsole and though everything seemed to execute fine I now get the following errors when trying to use confconsole:

I'm not really sure what to play with to fix it - I'll probably just restore from a backup if the solution isn't immediately obvious, but thought you ought to know.

Andi Northrop's picture

Sorry, wrote that before trying to reboot the server. All working fine after said reboot.

Jeremy Davis's picture

I don't recall needing to reboot when I was testing. Although now that I think about it, I may have actually purged the old confconsole before I updated. When I get a chance I'll have a bit more of a look and add any missing steps. Anyway, you got it going now, so great work!

Out of interest, what are your thoughts? Do you have any feedback for me/us? Positive feedback is reassuring and nice, but constructive criticism is often better (i.e. what we could do better, make easier, etc).

Also FWIW, I can confirm that Drupal 8 is in the next batch. If all goes according to plan, 27 more v14.2 appliances (inc Drupal7 & 8) should be ready for download tomorrow! :)

Andi Northrop's picture

Great, looking forward to giving 14.2 LAMP/Drupal 8 a whirl!

My main reason for having a look at the new confconsole was to try out the Let's Encrypt support but it doesn't work with those instructions - I'm guessing because the files it uses on first try aren't there in 14.1 (the ones it grabs from /usr/share/confconsole/)?

It doesn't really bother me as I'm going to be upgrading to 14.2 very soon but it's probably worth updating those upgrade instructions.

Cheers.

Jeremy Davis's picture

The package should contain all the files required (/usr/share/confconsole is managed by package management). So it should work...

FWIW it was actually developed on v14.1 and I thought I'd tested it fairly thoroughly. I wrote those instructions (after I'd finished development) by stepping through installation on v14.1 and it appeared to work ok. I tested it on a range of appliances, servers with no webserver (Core), Apache (LAMP & LAPP), Nginx, Lighttpd and Tomcat. I also had an active community member assist me with testing and he said it was working fine for him.

The only thing that comes to mind is that perhaps there is a small step I missed from the docs? I guess another possibility is that something on your server has changed from default and the upgrade makes some assumption which is not true in your case.

It sounds like you aren't too fussed at the moment, but TBH it should work so I'd like to work out why it isn't! Can you share the error you are seeing so I can try to reproduce it? If I can reproduce it, I can fix it! :)

Andi Northrop's picture

So... most of my difficulties stem from only having used cPanel before this, which is revealing a knowledge gap I didn't know I had!

Having looked through the "Behind the scenes" section more thoroughly I spotted where it was storing the certificates (/etc/ssl/private) and realised that I probably had to actually tell Apache to use them - did that in Webmin (remembering to change the port to 443) and hey presto, all working.

My suggestion would be an extra step in the docs for newbs like me who've come from a much more obfuscated system like cPanel reminding us to actually install the certificate(s) we've just generated.

Thanks for your help, I think I'm getting there!

Jeremy Davis's picture

FWIW v14.x servers should be using the certs in /etc/ssl/private by default. You would need to restart Apache (or whatever webserver) for it to pick up the new certs, but otherwise it should all "just work". If you had been using a cert other than the self signed ones that the server comes with (i.e. not using /etc/ssl/private/cert.pem) then yes you will need to reconfigure your Apache (or whatever webserver) to use the new certs.

If you get the urge to have a dig around, we actually devised the Let's Encrypt integration so that it works pretty easily for those that just want a single cert (or a single cert with a few subdomains) for their server. But we also tried to do it in such a way that our work can be leveraged for more complex usage scenarios.
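
An added example, not part of the thread and not TurnKey code: one way to check whether the webserver has picked up a renewed certificate is to compare the SHA-256 fingerprint of the certificate on disk with the one actually served on port 443. The default path is the one mentioned above; the function names and the command-line usage are assumptions of this sketch.

```python
import hashlib
import re
import ssl
import sys

# First CERTIFICATE block in a PEM file. The file may also hold a chain or a
# private key; this sketch assumes the server's own certificate comes first.
CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def first_cert(pem_text):
    """Return the first PEM certificate block, ignoring keys and chain."""
    match = CERT_RE.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    return match.group(0)


def fingerprint(pem_text):
    """SHA-256 over the DER bytes of the first certificate in pem_text."""
    der = ssl.PEM_cert_to_DER_cert(first_cert(pem_text))
    return hashlib.sha256(der).hexdigest()


def compare(disk_pem, served_pem):
    """Compare the certificate on disk with the one the server presents."""
    on_disk, served = fingerprint(disk_pem), fingerprint(served_pem)
    return {"match": on_disk == served, "on_disk": on_disk, "served": served}


def fetch_served_pem(host, port=443):
    # No chain validation: the bytes are only compared, never trusted.
    return ssl.get_server_certificate((host, port))


if __name__ == "__main__":
    # Usage: python3 certcheck.py <hostname> [path-to-cert.pem]
    host = sys.argv[1]
    path = sys.argv[2] if len(sys.argv) > 2 else "/etc/ssl/private/cert.pem"
    with open(path) as fh:  # reading /etc/ssl/private normally needs root
        result = compare(fh.read(), fetch_served_pem(host))
    print("on disk:", result["on_disk"])
    print("served: ", result["served"])
    print("OK" if result["match"] else "MISMATCH: restart or reconfigure the webserver")
    sys.exit(0 if result["match"] else 1)
```

A mismatch means the webserver is still serving an older certificate (not restarted since renewal) or is configured to use a different file.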

Andi Northrop's picture

Also, do you guys have a release mailing list? My hosts (buyvm.net) are asking so they can keep their list of ISOs up to date.

Jeremy Davis's picture

You can subscribe to that, via the "Security and News Announcements" block (towards the top, on the left) on any blog post, e.g. here. We post to that whenever anything urgent needs to happen (e.g. security issues we become aware of).

We aim to get a newsletter out soon after a release. However, we generally post blog announcements first and then send out a newsletter when we've got "enough" to warrant it (to keep the traffic down). So subscribing to the blog (via feedburner) will give more timely notifications of what we're up to. We try to keep the blog relevant, but we do sometimes post random blog posts that aren't directly related to TurnKey, so they'll need to decide what works best for them...
