Thursday, December 16, 2021

letsencrypt certificate not renewed

Short answer - it was due to ca-certificates not being updated. 

One of our web servers started showing 'certificate expired' errors. Checking, found that manually running
certbot --apache
gave errors - 
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
among others.

Googling, found several suggestions at
https://community.letsencrypt.org/t/certificate-verify-failed/69444

Reinstalled certbot as recommended at
https://stackoverflow.com/questions/53870702/why-is-certbot-renew-giving-bad-handhake-error

apt install certbot

Still the same error was seen. 

Tried
tail -n100 /var/log/letsencrypt/letsencrypt.log
- that did not show anything more than the same error as above.

Checked
more /etc/hosts
no issues there. 

Tried
curl -v https://acme-v02.api.letsencrypt.org/directory
which showed a certificate error for that server, which implied that I needed to reinstall the ca-certificates file also.

apt install ca-certificates

Then,
certbot --apache
worked - the web server was working at this point.

Then, I thought it would be better to update all the software on it to prevent such issues - 

apt update
apt upgrade

During the update, certbot could not find the http conf file for one of the domains, so I had to do a2ensite for the relevant site later. 

# a2ensite name-of-conf-file
# service apache2 reload

Saturday, December 11, 2021

finding manufacture date of a laptop

Was curious about the age of the machine I'm working on - a MacBook running Linux Mint. On macOS, one can find details of the hardware by going to the About This Mac menu item from the Apple menu, copying the serial number and then checking sites like EveryMac.com or
https://serial-number-decoder.com/apple-serial-number/apple-serial.php

On Linux, found that
dmidecode -t system
gives 

System Information
Manufacturer: Apple Inc.
Product Name: MacBookPro6,2
Version: 1.0
Serial Number: WxxxxxxYAGW
UUID: xxxxDA02-xxxxx-0A56-89AF-2ABCDxxxF
Wake-up Type: Power Switch
SKU Number: System SKU#
Family: MacBook Pro

and that with the serial-number-decoder.com link above tells me 
"This 'MacBook Pro (15-inch, Mid 2010)' was made in Shanghai China in week 02 of 2011."


Friday, December 10, 2021

using Google sign in for our php portal

Following the basic idea explained at
https://phppot.com/php/php-login-script-with-session/
for Google sign-in support for our portal - in our case, it is a postgresql database and not mysql, and we already have the database in place.

We also added a button to sign out of the current Google account, to make it more user-friendly for people who use multiple Google accounts.

<form action="https://accounts.google.com/Logout" method="get" target="logoutframe">
  <input type="submit" value="Sign out from google account" class="w3-button w3-block w3-blue" id="googSO">
</form>

In our case, it was implemented by SC with a function in our User class, $user->processGoogleLogin() so that google_login/login.php has

$google_account_info = $google_oauth->userinfo->get();
$isLoggedIn = $user->processGoogleLogin($google_account_info->email);

and processGoogleLogin() has a select statement with the condition

WHERE u.id = r.user_id AND 
  r.role_id = m.role_id AND
  u.email ilike $1
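
Added example, not the portal's own code: in PostgreSQL, ILIKE treats "_" and "%" in its right-hand argument as wildcards, so the condition above can match a stored address other than the one Google returned, while comparing lower() of both sides is an exact, case-insensitive match. The table name users and the sample rows are constructed for illustration, and the role joins from the original query are left out.

```sql
-- Constructed sample data. The table name "users" is an assumption;
-- only the alias u and the column u.email appear in the original query.
CREATE TEMP TABLE users (
    id    int  PRIMARY KEY,
    email text NOT NULL
);

INSERT INTO users (id, email) VALUES
    (1, 'jane_doe@example.com'),
    (2, 'janexdoe@example.com'),
    (3, 'Jane.Doe@example.com');

-- Condition as written in the post: $1 is the address taken from
-- Google's userinfo response. ILIKE interprets "_" in $1 as
-- "any single character" and "%" as "any run of characters".
PREPARE by_ilike(text) AS
    SELECT u.id, u.email
    FROM users u
    WHERE u.email ILIKE $1
    ORDER BY u.id;

-- Exact comparison: both sides are lower-cased and compared with "=",
-- so no character in $1 is treated as a pattern.
PREPARE by_equality(text) AS
    SELECT u.id, u.email
    FROM users u
    WHERE lower(u.email) = lower($1)
    ORDER BY u.id;

-- Same argument to both statements; compare which rows come back.
EXECUTE by_ilike('jane_doe@example.com');
EXECUTE by_equality('jane_doe@example.com');

-- Case differences are still tolerated by the exact form.
EXECUTE by_equality('JANE.DOE@EXAMPLE.COM');

-- Enforce one account per address regardless of case, and give the
-- lower(email) lookup an index to use.
CREATE UNIQUE INDEX users_email_lower_idx ON users (lower(email));
```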

Wednesday, December 01, 2021

custom role for user able to start and stop vm in Azure

Apparently there is no built-in role at present in Azure which allows a user the permissions to start and stop a VM in Azure (and not much else). Even the Virtual Machine Admin role doesn't. According to this SO post,

1. Add Custom Role
2. Select "Clone a role" and role to clone is "Virtual Machine User Login"
3. Click Next
4. Select add permissions
5. Scroll down to "Microsoft.Compute.VirtualMachines" and tick
"Microsoft.Compute/virtualMachines/start/action"
"Microsoft.Compute/virtualMachines/powerOff/action"
"Microsoft.Compute/virtualMachines/deallocate/action"
6. Click Next, select subscription, Next, Next then "Create".

And then after creating the role, we can assign it to a user.