Saturday, April 14, 2018

Let's Encrypt certificate renewal on EC2


The Let's Encrypt certificate is renewed with the command below.
"--dry-run": tests the process without actually executing it.
"--force-renew": forces renewal of the certificate. Without this option, a certificate that still has time left before it expires is not replaced.

# ./certbot-auto renew --force-renew --dry-run


I encountered the error below.

# ./certbot-auto renew --force-renew --dry-run
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding


The error message did not change even after the modules were installed.

# pip install cryptography hazmat bindings openssl binding
Collecting cryptography

# ./certbot-auto renew --force-renew --dry-run
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 41, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import rand, crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/rand.py", line 12, in <module>
    from OpenSSL._util import (
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/_util.py", line 6, in <module>
    from cryptography.hazmat.bindings.openssl.binding import Binding
ImportError: No module named cryptography.hazmat.bindings.openssl.binding


The error message changed after executing the command below. This means the pip that Let's Encrypt (certbot-auto) uses is on a different path from the system pip.

# /opt/eff.org/certbot/venv/bin/pip install -U certbot


# sudo ./certbot-auto renew --force-renew --dry-run --debug
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
ImportError: No module named OpenSSL


Install pyOpenSSL (the "OpenSSL" module) using that pip path.

# /opt/eff.org/certbot/venv/bin/pip install pyOpenSSL

# sudo ./certbot-auto renew --force-renew --dry-run --debug
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ImportError: No module named cryptography



Also install "cryptography".
The "No module named cryptography" error still appears even though the cryptography module was installed successfully.

# /opt/eff.org/certbot/venv/bin/pip install cryptography

# sudo ./certbot-auto renew --force-renew --dry-run --debug
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 10, in <module>
    import josepy as jose
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/__init__.py", line 44, in <module>
    from josepy.interfaces import JSONDeSerializable
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/interfaces.py", line 8, in <module>
    from josepy import errors, util
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/josepy/util.py", line 4, in <module>
    import OpenSSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/__init__.py", line 8, in <module>
    from OpenSSL import crypto, SSL
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in <module>
    from cryptography import x509
ImportError: No module named cryptography



Simply adding "sudo" avoids the error.

# sudo /opt/eff.org/certbot/venv/bin/pip install cryptography

# sudo ./certbot-auto renew --force-renew --dry-run --debug
Error: couldn't get currently installed version for /opt/eff.org/certbot/venv/bin/letsencrypt:
Traceback (most recent call last):
  File "/opt/eff.org/certbot/venv/bin/letsencrypt", line 7, in <module>
    from certbot.main import main
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/certbot/main.py", line 11, in <module>
    import zope.component
  File "/opt/eff.org/certbot/venv/local/lib/python2.7/dist-packages/zope/component/__init__.py", line 16, in <module>
    from zope.interface import Interface
ImportError: No module named interface


Install "interface" the same way.

# sudo /opt/eff.org/certbot/venv/bin/pip install interface


Successfully replaced certificate, finally!

# sudo ./certbot-auto renew --force-renew --dry-run --debug
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/www.yoshiislandserver.net.conf
-------------------------------------------------------------------------------
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.yoshiislandserver.net
Waiting for verification...
Cleaning up challenges

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/www.yoshiislandserver.net/fullchain.pem
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/www.yoshiislandserver.net/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
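
The import errors above come down to which interpreter can see which packages: certbot-auto runs from its own virtualenv, so a module must be importable there, not in the system Python. The script below is an added example (not part of the original post or of certbot) that asks a given interpreter which modules it cannot import; the interpreter path `/opt/eff.org/certbot/venv/bin/python` is an assumption based on the venv paths in the tracebacks.

```python
import subprocess
import sys

# Modules named in the tracebacks above.
CERTBOT_MODULES = ["certbot", "josepy", "OpenSSL", "cryptography", "zope.interface"]

# Assumed interpreter path: same bin/ directory as the pip used in the post.
CERTBOT_PYTHON = "/opt/eff.org/certbot/venv/bin/python"

# Runs inside the target interpreter; the module name arrives as argv[1],
# so it is never spliced into the code string.
_PROBE = "import importlib, sys; importlib.import_module(sys.argv[1])"


def interpreter_prefix(python_path):
    """Return sys.prefix of python_path, i.e. the environment it imports from."""
    out = subprocess.check_output(
        [python_path, "-c", "import sys; sys.stdout.write(sys.prefix)"]
    )
    return out.decode().strip()


def missing_modules(python_path, modules):
    """Return the subset of modules that python_path cannot import."""
    missing = []
    for name in modules:
        result = subprocess.run(
            [python_path, "-c", _PROBE, name],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
        )
        if result.returncode != 0:
            missing.append(name)
    return missing


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else CERTBOT_PYTHON
    print("this interpreter imports from:", sys.prefix)
    print("target interpreter imports from:", interpreter_prefix(target))
    for name in missing_modules(target, CERTBOT_MODULES):
        print("missing in target:", name)
```

Run it with the same privileges as the failing command (the post runs certbot-auto under sudo), since the result depends on what that user's interpreter can read.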

Wednesday, January 3, 2018

csv update app with spyre python

I created a CSV update app with Spyre. The full code is here.

Preparation

Set the Python version and install dataspyre.
% python -V
Python 3.5.0
 
% pip install dataspyre

Set up the directory tree as below. "test_data.csv" is the CSV file to edit. The number of columns has to be 5.

% tree
.
├── csv_update.py
├── data
│   ├── test_data.csv


% cat data/test_data.csv
data1,data2,data3,data4,data5
haha,hihi,huhu,hehe,hoho
gaga,gigi,gugu,gege,gogo
rara,riri,ruru,rere,roro

Execution


% python csv_update.py

Then, access "http://127.0.0.1:9093".
Input the file name and push the "get data" button.

Input the data and push the "add data" button.

Push the "get data" button again to check the added data.
A backup of the data is added under the "data" directory, just in case.

% tree
.
├── csv_update.py
├── data
│   ├── test_data.csv
│   ├── test_data.csv_20180103173523
│   └── test_data.csv_20180103174330

% cat data/test_data.csv
data1,data2,data3,data4,data5
haha,hihi,huhu,hehe,hoho
gaga,gigi,gugu,gege,gogo
rara,riri,ruru,rere,roro
data1,data2,data3,data4,data5
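
The steps above take a file name from a web form, copy the file to a timestamped backup, and append a five-column row. The following is an added example, not the author's csv_update.py: a minimal version of that append step that also confines the file name to the "data" directory, since the name comes from user input. The function names are hypothetical.

```python
import csv
import shutil
from datetime import datetime
from pathlib import Path

EXPECTED_COLUMNS = 5  # the post requires exactly 5 columns


def resolve_in_data_dir(data_dir, file_name):
    """Resolve file_name inside data_dir; reject paths that escape it."""
    base = Path(data_dir).resolve()
    target = (base / file_name).resolve()  # follows ".." and symlinks
    if base not in target.parents:
        raise ValueError("file must be inside the data directory")
    return target


def add_row(data_dir, file_name, row, now=None):
    """Back up the CSV with a timestamp suffix, then append one row."""
    if len(row) != EXPECTED_COLUMNS:
        raise ValueError("row must have %d columns" % EXPECTED_COLUMNS)
    target = resolve_in_data_dir(data_dir, file_name)
    if not target.is_file():
        raise FileNotFoundError(str(target))
    # Same naming as the post: test_data.csv_20180103173523
    stamp = (now or datetime.now()).strftime("%Y%m%d%H%M%S")
    backup = target.with_name(target.name + "_" + stamp)
    shutil.copy2(str(target), str(backup))
    with target.open("a", newline="") as handle:
        csv.writer(handle, lineterminator="\n").writerow(row)
    return backup
```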

Saturday, December 2, 2017

Where is the gateway IP address with NAT on VMware Fusion?

(1) Check the assigned NAT network with ifconfig


% ifconfig
......
vmnet1: flags=8863 mtu 1500
ether xxxxx
inet 192.168.167.1 netmask 0xffffff00 broadcast 192.168.167.255
vmnet8: flags=8863 mtu 1500
ether xxxxx
inet 192.168.154.1 netmask 0xffffff00 broadcast 192.168.154.255
......

vmnet1 is for the host-only network. Now, I use the vmnet8 (NAT) network to fix the gateway IP of the VM.




(2) Check the vmnet8 config file


Find the gateway address in nat.conf under /Library/Preferences/VMware Fusion/vmnet8

/Library/Preferences/VMware Fusion/vmnet8
% cat nat.conf
# VMware NAT configuration file
# Manual editing of this file is not recommended. Using UI is preferred.
 
[host]
 
# NAT gateway address
ip = 192.168.154.2  # <== here!
netmask = 255.255.255.0
 
# VMnet device if not specified on command line
device = vmnet8

.......