Let's Encrypt

Has anyone managed to get Let’s Encrypt working with ACME V2? If so, would they be willing to share it? Or give a few hints on how to get it working?

Thanks

Hi Peter,

I am doing a presentation in two weeks at the 4D Summit on just that (well, certificates, http security and Let’s Encrypt).
I have implemented ACME v2 indeed. I have only done the HTTP-01 challenge (and I can explain why if you are curious/interested).
If there is some interest, I can talk to Brent Raymond to do a talk on 4D Method. I know Brent will be in Paris as 4D Method is a sponsor this year.

I have a component that works if you want to beta test it.

NOTE : the component will be released with source on my GitHub after the summit.

Send me your email b.legay [at] ac-consulting.fr and let me know which version you use v17 or v18 and I’ll send that to you :wink:

I always run an nginx server as a proxy in front of 4D and do Let’s Encrypt via that. It’s much faster than running 4D as https, as the nginx -> 4D connection can be http on the local network.

You can run nginx as a service on Windows or separate virtual machine if you have multiple sites

Paul
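
The setup described in the post above, sketched as an nginx configuration. This is an added example, not Paul's actual configuration: the hostname, the 4D address and port, the challenge webroot and the certificate paths are all assumed placeholders, and the ACME client that writes the challenge files and certificates is whatever you run alongside nginx.

```nginx
# Added example: nginx terminates TLS and forwards plain HTTP to 4D.
# All names, paths and ports below are assumed placeholders.

server {
    listen 80;
    server_name app.example.com;            # assumed hostname

    # HTTP-01: the ACME server fetches the token over plain HTTP on port 80.
    # Serve it directly here, ahead of the HTTPS redirect, so issuance
    # works even before any certificate exists.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/acme;                 # assumed webroot the ACME client writes to
        default_type text/plain;
        try_files $uri =404;
    }

    # Everything else is sent to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name app.example.com;

    # Certificate chain and key produced by the ACME client (assumed locations).
    ssl_certificate     /etc/ssl/acme/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/acme/app.example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # The nginx -> 4D hop is unencrypted: keep 4D on loopback or a
        # trusted local network and do not expose its port to clients.
        proxy_pass http://127.0.0.1:8080;   # assumed 4D web server address
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

Because 4D only ever sees the proxy's address, the application has to read the client IP and original scheme from the forwarded headers, and should trust them only when the request comes from the proxy.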

Hi Paul,

Of course, proxying is a good solution :slight_smile:

Take a look at Caddy, it is a new http server written in go.
It is :

  • self contained (one executable, no dependencies)
  • runs on multiple platforms
  • has Let’s Encrypt built in (with TLS-ALPN-01 challenge, first one for this)
  • the configuration can be done via a REST api (on a dedicated port).

I did not have time to look into it in depth, but it is definitely on my list :wink:

Caddy HTTP demo, configure https in 28 seconds: https://www.youtube.com/watch?time_continue=3&v=nk4EWHvvZtI&feature=emb_logo

Thanks Bruno,

I had a quick look at the Caddy reverse proxy documentation. At the moment I don’t think it’s as flexible as nginx. It’s not exactly clear from the website, but it mentions that “streams cannot be mixed”. I think that means you cannot proxy https to http, which sort of defeats the point of having the proxy in the first place.
Cheers
Paul

Paul DENNIS:

… website but it mentions that “streams cannot be mixed” I think that means you cannot proxy https to http…

Yes, it is totally possible (I have done it for test purposes). You can use Caddy as a TLS endpoint.

Paul,

A couple of off-topic questions regarding nginx:

  1. Have you ever used its load balancing feature?

  2. Are you using the free version, or paid?

Thanks in advance!

Best,

Steve

Hello Steve,

For development I run on a virtual machine using an image from Turnkey Linux. They provide default builds of various types of servers and include a backup. I have nginx routing between the website, which runs Joomla!, and 4D.

For the live version I have nginx running on Windows using this source.

http://nginx-win.ecsds.eu/

Both of the above are free. I don’t use the load balancing; we don’t get that much traffic.

Cheers
Paul

Paul,

Thanks for the information, very much appreciated!

Best,

Steve

Thanks for everyone’s replies to my plea. Lots of interesting info.

I wasn’t aware of the issue with the change in folder location that you mentioned Paul. I use 4D Client for the Web Server and am currently on 17R3 also, so it looks like I’ve got a bit of work to do.