Why I don't like #Linux:
Oh, you want to host HTTPS? Install a self-signed certificate into Apache with certbot and Let's Encrypt. (That mumbo jumbo is the easy part, and is the same as Windows. But here's where it takes a turn...)
Oh, you want to install certbot? First, install snapd, a whole other framework for installing dependencies because apparently the one built into the OS isn't good enough.
Oh, snapd is mysteriously failing? Get to google, son.
Oh, Google has enshittified and there are no relevant results? Ahahaha π©
So, anyway, apparently the answer was that at one obscure point in the process, I was supposed to type the word "socket" where every other service I've ever installed needed the word "service" and I didn't notice the difference. That's two hours of my life I'm never getting back.
@freemo The server was provided by a client, running CentOS 7. All I have is SSH access. So, I had to configure by hand, and snapd is the recommended way to do so by the certbot team for that distro.
Also, fwiw, on Windows, I just downloaded ACME program and ran it. It didn't need any dependencies.
π³π±
@LouisIngenthron even if the servert was provided by a friend why not just install docker and then bring it all up in a single command? with no dependencies at all.
Personally im not sure why anyone would operate a server outside of a docker-type environment.
@freemo It's a dedicated server, not cloud.
@LouisIngenthron Im not sure what you mean... you jsut install docker on the dedicated server, then run your services in docker... the cloud is just a bunch of dedicated servers.
@freemo Containerized microservices are very useful tools, but that feels like square-peg/round-hole. Not everything needs to be a microservice.
@LouisIngenthron Im not talking about microservices at all.. monolithic services run just fine (and better) in containers too. These days its the norm for all services, micro or otherwise.
@freemo I'm not a sysadmin, so this isn't my area of expertise, but that seems like overkill to create a whole new linux subsystem in a container when I already have a perfectly good one outside of the container.
@LouisIngenthron containers are light weight and still reside on your own kernel, at least on linux. On windows they can be quite inefficient since there is no native kernel, but thats another matter. On linux they arent anymore resource intensive than an isolated chroot directly.
Id say bare metal is overkill because now you have a system you need to perpetually maintain and keep upt o date and constantly battle with dependency rot, something docker addresses quite nicely.
@sdgathman @freemo @LouisIngenthron You can have the best of both worlds with Kata Containers.
I am pretty well expiernced with Docker, but there is so much container tech i would love to learn and play with... especially now that docker hub put up barriers to free orgs.
@freemo @sdgathman @LouisIngenthron Indeed. Podman is a great Docker alternative and Kata Containers is a way to run containers in tiny VMs, which is especially great for multi tenant hosts or zero trust environments.
@vwbusguy I think LXM was the one I wanted to play with next... seemed to have some sort of VM thing going but i didnt get too deep
@freemo I'm guessing you mean lxd? That recently had an interesting shake-up, takeover of sorts from Canonical, who owns the trademark. lxc is an alternative container runtime that is a separate project from lxd.
@vwbusguy i mean both lxd and lxc .. i want to learn both
@LouisIngenthron Sounds like my experience with Windows administration.
Never personally had an issue with certbot, though I'm not a big fan of its insistence on snap either. Evidently the auto-install failed to detect your environment?
@cdp1337 No, the problem was ultimately that I was supposed to enable the socket separately before enabling the service and I misread that in the instructions. So, when I enabled the service, it just killed itself waiting for the socket.
@LouisIngenthron why certbot? I would use acme.sh, which is better for my health π
@skyblond Because that's what Let's Encrypt recommended.
@LouisIngenthron then I would recommend https://github.com/acmesh-official/acme.sh ,it's a simple bash script and can do basically everything certbot can do. And it also supports other CAs.
@skyblond I'm all set for now, but I'll keep that in mind for next time, thanks!
Pasties
@LouisIngenthron you know funny enough I hit a very similar thing recently with certbot but it was with a timer "service" not a "socket"... Renewals don't happen automatically without it...
@LouisIngenthron snap also wasn't involved in my situation... I just used the distro native one
@LouisIngenthron Except none of that is really needed .. you are talking about a specific way of installing something on a specific distro.. its outdated and not really how most system admins would do it.
For example all my servers run linux. You just use one of the many cool tools like traefik, never touch snap (in most cases youd probably use docker so you dont touch ANY dependencies), you dont even need to do the certs yourself they are obtained all automatically... A full infrastructure is up with a single command.
Even if we talk about the old bare metal way on ubuntu... windows doesnt even have a dependency management system at all like snap or apt. So its hard to see how it is better to have to manually go out and fetch one dependency after another, hope it all works, and deal with convoluted point and clicking GUI to find your way. At least in linux all your dependencies are pulled in in a single go.