letsencrypt AWS http challenge

I had the problem, that when renewing the Letsencrypt certificate via cronjob Amazon Linux 2

certbot renew --post-hook "systemctl reload httpd"  >> /var/log/certbot.log 2>&1

the SSL certificate was not renewed, but following error occurred:

Could not choose appropriate plugin: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',)
Attempting to renew cert (foo.de) from /etc/letsencrypt/renewal/foo.conf produced an unexpected error: The manual plugin is not working; there may be problems with your existing configuration.
The error was: PluginError('An authentication script must be provided with --manual-auth-hook when using the manual plugin non-interactively.',). Skipping.

I then looked in configuration: /etc/letsencrypt/renewal/foo.conf and the Authentificator modified on Apache and the challenge of Authentificator on HTTP (through the Web server).

# Options used in the renewal process
[renewalparams]
account = xxx
server = https://acme-v02.api.letsencrypt.org/directory
authenticator = apache
installer = apache
pref_challs = http-01,

After that was the important Port 80 unlock the security group for authentication and another command

certbot renew

was the certificate was successfully renewed.

Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator apache, Installer apache
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for foo.de
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/foo.de/fullchain.pem

Angular ngx-translate TranslateLoader ohne http Modul

Compatibility with old browsers, as the Firefox version <= 5 to reach, can you do that angular http Do not use module. The NGX-translate Modules bneötigt a loader, It loads the correct language via AJAX request. Also with the XMLHttpRequest and an Observalbe solve this can:

import {Injectable} from '@angular/core';
import {TranslateLoader} from '@ngx-translate/core';
import {Observable} from 'rxjs/Observable';

@Injectable()
export class LanguageLoader implements TranslateLoader {

  getTranslation(lang: string): Observable<any> {
    return Observable.create(function (observer) {
    let url = `./assets/i18n/${lang}.json?=` + new Date().getTime();
    let xhr = new XMLHttpRequest();

      xhr.onreadystatechange = function () {
        if (xhr.readyState == XMLHttpRequest.DONE || xhr.readyState == 4) {
              let response = JSON.parse(xhr.responseText);
              observer.next(response);
              observer.complete();
        }
      }
      xhr.open('GET', url, true);
      xhr.send(null);
    });
  }
}

In the app.module.TS can you then embed the loader as follows:

TranslateModule.forRoot({
  loader: {provide: TranslateLoader, useClass: LanguageLoader}
})

Execute PHP script as a Windows service

Under Windows, scripts can be, that's endless run with PHP using a service implemented.

This has the advantage of, that is the memory consumption with the time to infinity, with endless script versions and a recovery and restart functionality can be implemented, to keep the service over long periods of time running.

Furthermore, the service receives from the operating system events, if e.g.. a shutdown is, to be able to stop in time itself and not corrupt data to produce cancellation in a non-atomic operation.

To create a Windows service, you need the win32service PHP library.

You can here them Download and in the php.ini embed:

extension=php_win32service.dll

Create service more…

PHP cURL verify a self-signed FTPS certificate

Unfortunately, you can with the PHP FTP extension no SSL certificates of FTPS servers to verify, to prevent man-in-the-middle attacks.

But it is possible through PHP-cURL the self-signed certificate to verify:

public function checkFTPSCertificate(): bool
{
    $ftp_certificate = 'path/to/cert.crt'

    $ftp_server = 'ftp://foo.de/';
    $ftp_user = 'user';
    $ftp_password = 'password';

    $ch = curl_init();

    // curl_setopt($ch, CURLOPT_VERBOSE, '1');
    curl_setopt($ch, CURLOPT_URL, $ftp_server);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_USERPWD, $ftp_user . ':' . $ftp_password);
    curl_setopt($ch, CURLOPT_TIMEOUT, 10);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);


    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, '1'); // Überprüfung des Serverzertifikats
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, '2');
    curl_setopt($ch, CURLOPT_CAINFO , $ftp_certificate);
    curl_setopt($ch, CURLOPT_FTP_SSL, CURLFTPSSL_ALL);
    curl_setopt($ch, CURLOPT_FTPSSLAUTH, CURLFTPAUTH_TLS);

    $result = curl_exec($ch);
    $error_no = curl_errno($ch);
    $error_msg = curl_error($ch);
    curl_close ($ch);
    return $error_no == 0 && empty($error_msg);
}