Releases: turnkeylinux/confconsole
v2.1.0+3 - final Bullseye build
As reported by Chris in the forums the v2.0.6 release (for v17.x/Debian Bullseye) isn't quite right.
We've moved onto development for v18.x (based on Debian 12/Bookworm) but until we release v18.0, I'd like to support Chris' use case (DNS-01 Let's Encrypt validation) hence this rebuild (this code is likely what will appear in v18.x).
Also, despite what it says above, this package is actually built from current master (i.e. commit 32e5f1d
).
v2.0.6 (Bullseye)
Update to Confconsole - primarily to support DNS-01 challenges for our Let's Encrypt integration.
I'm posting this release here as it's not yet available via our apt repo (and I'm not sure when it will be).
Here's what's new for this release:
- Refactored code to provide libconfconsole
- Make the code PEP8 compliant and include typing
- Bugfix stunnel not restarting after updating certs
- Bugfix for standalone tomcat Let's encrypt plugin - closed #1712
- Move secupdates advanced config (from common) into Confconsole
- Refactor/improve keyboard setting code; may still need more? -
relevant to #1695 - Prefill hostname box with current hostname (taken from /etc/hostname)
- Bugfix install option not visable in confconsole when running live
- Add 'hostname' to the interfaces file when setting manual IP
- Networking (ifutil.py) improvements, preliminary support for wpa_supplicant
- Implementation of dns-01 challenge support in Confconsole Let's Encrypt
plugin - big thanks to @NitrogenUA
Confconsole - Python3
This is Confconsole in Python3 (targeted at Debian Buster). It should function identically to v1.1.2, except is ported to Python3.
Currently this is available only via the buster-testing
TurnKey apt repository. Assuming testing goes well over the next day or 2, it will also be published to the buster
TurnKey apt repository.
Currently a slightly newer version (tracking the master
branch of this repo) is available in the buster
TurnKey apt repository.
Confconsole - Let's Encrypt fix (take 2)
This is a minor bugfix release based on v1.1.1.
It includes all the fixes implemented in v1.1.1, plus this release also resolves turnkeylinux/tracker#1387 - where the add-water server was autostarting at (re)boot.
New users, please skip down, straight to the "How to install/update" section for instructions (non-root users, please note the relevant section).
Note for users who have already installed the v1.1.1 fix:
If you have already installed v1.1.1 and followed the instructions, you don't need this update. Instead you can just manually disable add-water (as per step 3a in the updated v1.1.1 release notes) like this:
systemctl disable add-water
If you haven't already updated, then please follow these instructions below.
Note for non root users: If you are not logged in as the root user, then many (most? perhaps even all?) of these commands will require sudo
. Rather than having to do that, the easier path is to first open a root shell like this:
sudo su -
Then you can follow the commands exactly as posted below. Once you are done, exit the root shell via exit
.
How to install/update
Assuming that you have not used Confconsole's Let's Encrypt integration before, or you have used defaults (except for the domains you are registering) then the below should "just work". If you have a customised setup then hopefully you'll know what you're doing! 😄
- Remove deprecated files (
confconsole.config
&confconsole.hook.sh
- also the default cron job):
rm -rf /etc/dehydrated/confconsole{.config,.hook.sh}
rm -rf /etc/cron.daily/confconsole-dehydrated
- Install newer Dehydrated version
from stretch-backports(backports no longer required, new version now in 'stretch main'):
apt update
apt install dehydrated
- Download and install the updated Confconsole:
wget https://github.com/turnkeylinux/confconsole/releases/download/v1.1.2/confconsole_1.1.2_all.deb
apt install ./confconsole_1.1.2_all.deb
- [Optional] If you have previously used Confconsole (or Dehydrated) to get Let's Encrypt certificates before, you are recommended to move your old Dehydrated data out of the way (alternatively it can be deleted). New users can skip this step:
mv /var/lib/dehydrated /var/lib/dehydrated.bak
mkdir -p /var/lib/dehydrated/acme-challenges
- Accept the Let's Encrypt Terms of Service (all users):
/usr/bin/dehydrated --register --accept-terms
- Get certs! 😄
You should now be good to go. If you have not used Confconsole to get certificates from Let's Encrypt on this machine previously, it is recommended that you set it up via Confconsole:
confconsole
Then select Advanced
>> Lets encrypt
and follow the prompts. See the full Confconsole docs for further info.
Alternatively, if you have already been using the Confconsole Let's Encrypt/Dehydrated plugin to get your certificates, but just need to update them, you can launch the dehydrated-wrapper
script directly like this:
/usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper
Furthermore, this will almost certainly be the final release of Confconsole for v15.x (based on Debian 9/Stretch). Future releases of Confconsole will be Python3 based (work already done) and available only in (the upcoming and as yet unreleased) v16.x.
Confconsole - Let's Encrypt fix
Please note that there is a newer bugfix release for v15.x - please see here.
This updated confconsole package is intended for installation on TurnKey v15.x appliances (based on Debian 9/Stretch).
It includes fixes for a number of issues related to Let's Encrypt / Dehydrated:
- Hook script now compatible with (and requires) newer Dehydrated version.
- Uses Let's Encrypt v2 API endpoint by default (v1 API endpoint no longer works with new users/domains; will continue to work for existing users for a little while yet, but better to upgrade ASAP).
- A rewrite of
add-water
(our custom challenge mini-server) - to resolve a race-condition that came to light when used with the updated version of Dehydrated.
The related issues that this release closes are turnkeylinux/tracker#1359 & turnkeylinux/tracker#1360 respectively.
This package will be available from the TurnKey repos at some point (which will make installation that little bit easier), but in the meantime, it's also available here.
Note for non root users: If you are not logged in as the root user, then many (most? perhaps even all?) of these commands will require sudo
. Rather than having to do that, the easier path is to first open a root shell like this:
sudo su -
Then you can follow the commands exactly as posted below. Once you are done, exit the root shell via exit
.
Assuming that you have not used this before, or you have used defaults (except for the domains you are registering) then please follow the below notes to install:
- Remove deprecated files:
rm -rf /etc/dehydrated/confconsole{.config,.hook.sh}
- Install newer Dehydrated version from stretch-backports (if you already have Dehydrated from backports you can skip this step):
echo "deb http://http.debian.net/debian stretch-backports main" > /etc/apt/sources.list.d/backports.list
apt update
apt install -t stretch-backports dehydrated
- Download and install the updated Confconsole:
wget https://github.com/turnkeylinux/confconsole/releases/download/v1.1.1/confconsole_1.1.1_all.deb
apt install ./confconsole_1.1.1_all.deb
3a. [new step!] Workaround bug turnkeylinux/tracker#1387:
systemctl disable add-water
- [Optional] If you have previously used Confconsole (or Dehydrated) to get Let's Encrypt certificates before, you are recommended to move your old Dehydrated data out of the way (alternatively it can be deleted). New users can skip this step:
mv /var/lib/dehydrated /var/lib/dehydrated.bak
mkdir -p /var/lib/dehydrated/acme-challenges
- Accept the Let's Encrypt Terms of Service (all users):
/usr/bin/dehydrated --register --accept-terms
- Get certs! 😄
You should now be good to go. If you have not used Confconsole to get certificates from Let's Encrypt on this machine previously, it is recommended that you set it up via Confconsole:
confconsole
Then select Advanced
>> Lets encrypt
and follow the prompts. See the full Confconsole docs for further info.
Alternatively, if you have already been using the Confconsole Let's Encrypt/Dehydrated plugin to get your certificates, but just need to update them, you can launch the dehydrated-wrapper
script directly like this:
/usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper
Furthermore, this will almost certainly be the final release of Confconsole for v15.x (based on Debian 9/Stretch). Please note there is a bugfix release. (And that will almost certainly be the last for v15.x).
Future releases of Confconsole will be Python3 based (work already done) and available only in (the upcoming and as yet unreleased) v16.x.