LetsEncrypt SSL Certificate Renewal Command

The LetsEncrypt certificates expire every 90 days. You will get a reminder email from the LetsEncrypt CA a couple of weeks before expiry.

Here is the email that I received

From: <expiry@letsencrypt.org>
Subject: Let's Encrypt certificate expiration notice
Message-Id: <20160322T090444.5984058796943941351.expiry@letsencrypt.org>
To: <dp@ii.net>

Hello,

Your certificate (or certificates) for the names listed below will expire in 19 days (on 11 Apr 16 06:10 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

sandbox.pascoe.biz
ses.rosacea-support.org

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can't provide support by email.

If you are receiving this email in error, unsubscribe at LINK (HTTP link, we know. We're working on it!)

Regards,
The Let's Encrypt Team

To renew your LetsEncrypt certificate, go to the place where you installed the LetsEncrypt client ;

command: ./letsencrypt-auto renew

bitnami@ses:~/le/letsencrypt$ ./letsencrypt-auto renew
 Updating letsencrypt and virtual environment dependencies......
 Requesting root privileges to run with virtualenv: sudo /home/bitnami/.local/share/letsencrypt/bin/letsencrypt renew
 Processing /etc/letsencrypt/renewal/ses.rosacea-support.org.conf
 new certificate deployed without reload, fullchain is /etc/letsencrypt/live/ses.rosacea-support.org/fullchain.pem
Congratulations, all renewals succeeded. The following certs have been renewed:
 /etc/letsencrypt/live/ses.rosacea-support.org/fullchain.pem (success)

Then restart your web server and you should see the renewed certificate being served to your site visitors.

Advertisements
LetsEncrypt SSL Certificate Renewal Command

Google Play Music rescues iTune’s fail fail fail

google-play-music

For the last several months I have been more and more frustrated with iTunes and its complete failure to be able to sync my MP3 library to our children’s iPods. The ever growing library of audio books seems to have kept even the creeping iOS releases completely unable to put media files on their devices.

First, I have to admit there are a lot of media files in my iTunes library.

2016-03-11_10-33-00

I have spent hours and hours syncing, resetting both devices, replugging, waiting, watching to try to get a sync operation to complete my reques to delete some files and add some more. Sync operations would never complete, even after several hours, or complete and do nothing towards actually updating the device.

iTunes you are broken broken broken.

This is no surprise to many, but I have to write about it to get it out of my system. FAIL Apple FAIL.

Now a few months on I am happy to say that Google Play Music has come to the rescue with a cloud-based-solution that actually seems to work and can handle a large media library.

Now I use iTunes to rip the audio books and add artwork and create playlists and then the Chrome extension for Google Play Music copies the media to the cloud and then via the iOS Google Play Music app we can play the library over the internet no problegoogm.

The Chrome extension runs in the background and over several months it has never failed to be able to upload and sync all my media and playlists. It can take a few hours to work its way through a recently updated iTunes library, but it does get there.

Here you can see Chrome has been able to upload more than 19,000 items into my Google Play Music account.

2016-03-11_10-36-44

I can upload up to 50,000 tracks – yay! some room to grow.

Here is what it looks like on the iPod app.

IMG_0430

I have the bonus that our Android phones can also stream audio books as well, and can use the offline toggle to take a local copy of books I want to play in the car too.

Thankyou Google for a solution that actually works.

 

Google Play Music rescues iTune’s fail fail fail

Bruteforcing admin-ajax.php ?

I seem to get a continual stream of sites trying to set a http POST to a particular admin file for WordPress. I have a locked down wp-admin area on my WordPress sites to stop hackers trying to brute force guess passwords to the admin area. So anyone trying to access my admin pages will get a http error 403 - Denied.

What is interesting is how many people are trying to access

/wp-admin/admin-ajax.php 

with a http POST. Even googlebot has a good try getting something useful from the URL.

Strange.

I have checked webmaster console it my site crawl looks ok, so the googlebot entries have me confused. The rest are just hackers I think.

Here are some examples

88-106-75-24.dynamic.dsl.as9105.com - - [01/Mar/2016:07:18:59 -0600] "POST /wp-admin/admin-ajax.php HTTP/1.0" 403 48 "https://rosacea-support.org/articles/cleansers" "Mozilla/5.0 (iPad; CPU OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1"
cpe185933f89386-cm185933f89383.cpe.net.cable.rogers.com - - [01/Mar/2016:07:19:02 -0600] "POST /wp-admin/admin-ajax.php HTTP/1.0" 403 48 "https://rosacea-support.org/favourite-over-the-counter-treatments.html" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko"
194-83-93-28.qmu.ac.uk - - [01/Mar/2016:07:19:09 -0600] "POST /wp-admin/admin-ajax.php HTTP/1.0" 403 48 "https://rosacea-support.org/eucerin-redness-relief-licochalcone.html" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_2_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13D15 Safari/601.1"
crawl-66-249-75-233.googlebot.com - - [01/Mar/2016:07:22:09 -0600] "POST /wp-admin/admin-ajax.php HTTP/1.0" 403 48 "https://rosacea-support.org/soolantra-before-and-after-pictures.html?relatedposts_hit=1&relatedposts_origin=5174&relatedposts_position=0" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

It seems that this script is being used for heartbeat polling by wp-admin scripts to lock edit pages, synchronise draft saving etc. So I need it when I am logged in, but why are all those sites trying to heart beat poll me ?

[update] From Brute Force Attacks

If your theme or plugins use AJAX, you will most likely need to add an additional group of settings to your .htaccess so that functionality continues to work:

# Allow access to wp-admin/admin-ajax.php
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

Save the file and upload it to your wp-admin folder.

So something in my theme or plugins needs an ajax call to the admin area it seems. If I could easily change my IP address I could use Chrome’s console to see who is asking for the POST request but at the moment I have no idea. The log file is nice an green now though so that bit is fixed.

Bruteforcing admin-ajax.php ?