ISPConfig & Let’s Encrypt

The guys at ISPConfig do good work – although it can sometimes get in the way of my own server configuration, the vast majority of the time it saves a huge amount of effort on what would otherwise be mundane and routine tasks.

With FOSS solutions like this though, “must-have” features don’t always come quickly – CPanel implemented Let’s Encrypt functionality very early on, but ISPConfig users had to wait 6 months (which is pretty fast considering the circumstances).

I needed a solution immediately though, which is why I rolled this (reasonably awful) automation to integrate.

The solution has worked well enough for the past 12 months or so (although implementation on slave servers wasn’t easy or pretty), but I figured it was time to upgrade to ISPConfig 3.1 – with built-in Let’s Encrypt support.

It’s almost always best to stick with the native solution rather than a third party one (particularly when the third party one is developed by a time-poor hacker), and that rule largely applies here. Continue Reading…

Hosted Exchange – Auto-forwarding to external domains

A Very Sensible policy, enforced by default in Exchange Server is to ignore rules automatically forwarding mail to external domains.

It’s fairly easy to see why this is, in fact, Very Sensible:
Your organisation assigned email addresses to people who have agreed to be bound by its policies (right?) – allowing auto-forwarding to any address outside that domain risks you being responsible for a breach of confidence.

I’m all for having the “secure” option be the default and for discouraging or preventing users from breaking that security in the name of convenience.

But there are times when other, less sensible policies are in place that I feel the users should have recourse to implement workarounds. One such policy might be (for example), having an email quota set to (purely hypothetically), 100MB.

This is ample space for email in 1997. This is hilariously limited space in 2016. Continue Reading…

Android – Location Based Reminders

Just a quick one:

I’ve had issues with Google Now’s reminders since I first owned a Nexus 4 (a few years back) and the issue persists with my Nexus 5X. The trouble is in having reminders trigger at a particular location, rather than a particular time.

For example, if I know I need to pick something up next time I visit my in-laws, but don’t know when I’ll next be at their house, I can set a reminder and select “place” instead of time. In theory, entering their address is all that is needed to make it work.

google-now-location-b

This image was stolen wholesale from this article: http://www.makeuseof.com/tag/8-amazing-life-improving-uses-google-now-reminders/

In practice… nothing. Just… nothing. Continue Reading…

Looking for a Copy replacement: pCloud

As of this month (May, 2016), Copy is no more.
(I’m sure one day soon that link will be a dead end or be sold to someone not relevant)

Copy was a cloud storage service much like Dropbox or Google Drive – you had an amount of storage space to fill up with your junk, a web interface to access it, some local applications for your computers and mobile devices and it handled syncronisation.

there is no cloud

Sticker from Chris Watterston – click the image to visit his store thingy

Continue Reading…

Let’s Encrypt – Mysterious Authority Issues

Lately, new sites I’ve created using my ISPConfig automation and letsencrypt.sh┬áhave been received inconsistently on various browsers – the issue appears to be particularly prevalent on OSX.

Doing some digging revealed a possible incomplete chain issue to be the cause.

Sure enough, modifying my Apache conf to incorporate a direct link to the intermediate chain fixed the issue.

My LE-ISPConfig Apache conf now looks like this:

That little line at the bottom was what made the difference; chain.pem (a symlink to my primary domain’s intermediate cert chain) will be updated as and when keys and site certs are updated via cron. Continue Reading…