SHAREOLITE

How to renew letsencrypt certificate using certbot Linux command

Let's Encrypt provides free HTTPS certificates for domains with a validity of 3 months, so a certificate needs to be renewed once every 3 months. Web servers hosted on Linux can renew the HTTPS certificate from the command line. The command below may be used to renew the certificate.


Before executing this command, ensure that the HTTP and HTTPS ports are allowed through the network firewall.

$ sudo certbot --force-renewal
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: news.testwebsitexyz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Renewing an existing certificate for news.testwebsitexyz.com
Performing the following challenges:
http-01 challenge for news.testwebsitexyz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/httpd/conf.d/apihttp-le-ssl.conf
Enhancement redirect was already set.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.


The new certificate covers the following domains: https://news.testwebsitexyz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/news.testwebsitexyz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/news.testwebsitexyz.com/privkey.pem
   Your certificate will expire on <date>. To obtain a new or
   tweaked version of this certificate in the future, simply run
   certbot again with the "certonly" option. To non-interactively
   renew *all* of your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
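The certbot output above itself points to `certbot renew` for non-interactive use. The script below is an added example, not part of the original post: it checks how many days the certificate shown above has left and only renews when it is close to expiry, instead of forcing a renewal on every run (forced renewals count against Let's Encrypt's issuance rate limits even when nothing has changed). It assumes GNU date and the live path printed by certbot.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: renew only when the certificate is
# close to expiry, instead of `--force-renewal` on every run.
# Assumes GNU date and the live path shown in the certbot output above.
set -eu

CERT=/etc/letsencrypt/live/news.testwebsitexyz.com/fullchain.pem

days_until_expiry() {   # $1 = "notAfter=<date>" line from openssl; $2 = reference epoch (default: now)
  local end now
  end=$(date -u -d "${1#notAfter=}" +%s)
  now=${2:-$(date -u +%s)}
  echo $(( (end - now) / 86400 ))
}

renew_if_needed() {     # $1 = certificate path; $2 = renew when fewer than this many days remain
  local left
  left=$(days_until_expiry "$(openssl x509 -noout -enddate -in "$1")")
  if [ "$left" -lt "$2" ]; then
    echo "$left day(s) left, renewing"
    sudo certbot renew --quiet       # non-interactive, as the certbot output itself suggests
  else
    echo "$left day(s) left, nothing to do"
  fi
}

# Typical cron usage, once a day:
# renew_if_needed "$CERT" 30
```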

SOLVED - Tshark Wireshark Linux - Diameter Dictionary: No Vendor

It is sometimes necessary to define a custom value in the Wireshark Diameter dictionary and use it with the tshark command on Linux. While doing so, one of the common errors is Dictionary: No Vendor. Its root cause is that tshark cannot find the vendor ID definition for a Diameter AVP in the dictionary file.

On Linux, the Wireshark Diameter protocol dictionary is stored by default in

Directory: /usr/share/wireshark/diameter/

Dictionary file: dictionary.xml

The error Dictionary: No Vendor is observed when tshark is unable to find the vendor ID definition among the <vendor> tags that precede the <typedefn> tag in dictionary.xml. Adding the vendor ID above this tag solves the issue, as in the excerpt below:



<!-- ************************************************************** -->
<!-- ********************** End Commands ************************** -->
<!-- ************************************************************** -->

<vendor vendor-id="None" code="0" name="None"/>
<vendor vendor-id="HP" code="11" name="Hewlett Packard"/>
<vendor vendor-id="Sun" code="42" name="Sun Microsystems, Inc."/>
<vendor vendor-id="Merit" code="61" name="Merit Networks"/>
<vendor vendor-id="Nokia" code="94" name="Nokia"/>
<vendor vendor-id="NokiaSiemensNetworks" code="28458" name="Nokia Siemens Networks"/>
<vendor vendor-id="Ericsson" code="193" name="Ericsson"/>
<vendor vendor-id="USR" code="429" name="US Robotics Corp."/>
<vendor vendor-id="ALU" code="637" name="ALU Network"/>
<vendor vendor-id="Huawei" code="2011" name="Huawei"/>
<vendor vendor-id="Deutsche_Telekom_AG" code="2937" name="Deutsche Telekom AG"/>
<vendor vendor-id="TGPP2" code="5535" name="3GPP2"/>
<vendor vendor-id="Cisco" code="5771" name="Cisco"/>
<vendor vendor-id="SKT" code="5806" name="SK Telecom"/>
<vendor vendor-id="TGPP" code="10415" name="3GPP"/>
<vendor vendor-id="Vodafone" code="12645" name="Vodafone"/>
<vendor vendor-id="VerizonWireless" code="12951" name="Verizon Wireless"/>
<vendor vendor-id="ETSI" code="13019" name="ETSI"/>
<vendor vendor-id="Tango" code="13421" name="Tango Telecom Limited"/>
<vendor vendor-id="ChinaTelecom" code="81000" name="China Telecom"/>
<vendor vendor-id="TGPPCX" code="16777216" name="3GPP CX/DX"/>

<!-- ************************************************************** -->
<!-- ************************ typedefn's ************************** -->
<!-- ************************************************************** -->
<typedefn type-name="OctetString"/>
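To catch the No Vendor condition before tshark does, the added script below (not part of the original post or of Wireshark) lints a dictionary file: it reports any <avp> whose vendor-id has no <vendor> declaration above it, and warns when a <vendor> appears after the <typedefn> section. The sample dictionary is constructed for the demo; the real dictionary.xml pulls in further files through XML entities, which this single-file pass does not follow.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: lint a Wireshark Diameter dictionary
# for the "Dictionary: No Vendor" condition. The sample dictionary is constructed.
set -eu

lint_vendors() {   # $1 = dictionary path; prints one line per problem, nothing when clean
  awk '
    /<typedefn / { seen_typedefn = 1 }
    /<vendor / && match($0, /vendor-id="[^"]*"/) {
      vid = substr($0, RSTART + 11, RLENGTH - 12)
      declared[vid] = 1
      # per the post, vendors must sit above the typedefn section to be picked up
      if (seen_typedefn) print "WARN vendor", vid, "declared after <typedefn> at line", NR
    }
    /<avp / && match($0, /vendor-id="[^"]*"/) {
      vid = substr($0, RSTART + 11, RLENGTH - 12)
      name = "?"
      if (match($0, / name="[^"]*"/)) name = substr($0, RSTART + 7, RLENGTH - 8)
      if (!(vid in declared)) print "MISSING vendor", vid, "for AVP", name, "at line", NR
    }
  ' "$1"
}

write_sample_dictionary() {   # $1 = output path; constructed for this demo, not the real file
  cat > "$1" <<'EOF'
<dictionary>
  <vendor vendor-id="None" code="0" name="None"/>
  <vendor vendor-id="TGPP" code="10415" name="3GPP"/>
  <typedefn type-name="OctetString"/>
  <avp name="Session-Id" code="263" vendor-id="None"><type type-name="UTF8String"/></avp>
  <avp name="Feature-List-ID" code="629" vendor-id="TGPP"><type type-name="Unsigned32"/></avp>
  <avp name="My-Custom-AVP" code="9001" vendor-id="ACME"><type type-name="OctetString"/></avp>
</dictionary>
EOF
}

tmp=$(mktemp)
write_sample_dictionary "$tmp"
lint_vendors "$tmp"   # MISSING vendor ACME for AVP My-Custom-AVP at line 7
rm -f "$tmp"
# Against the real file: lint_vendors /usr/share/wireshark/diameter/dictionary.xml
```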
 


Linux curl command syntax and practical examples

In this post, we will learn how to use one of the most powerful Linux commands, curl, which can query web servers and API endpoints. Here are a few practical examples of the curl command.

Use case 1: Perform a GET request against a web or API URL

Syntax: curl --get "End point URL"

Example: curl --get "https://shareolite.com/feeds/poster/default?alt=json&type=1&filter=latest"

Use case 2: Perform a POST request against a web or API URL (without -X POST or --data, curl sends a GET)

Syntax: curl -X POST "End point URL"

Example: curl -X POST "https://shareolite.com/feeds/poster/default?alt=json&type=1&filter=latest"


Use case 3: POST data to a web server or API URL

Syntax: curl --data "data to be posted" URL

Example: curl --data "client_id=1&client_name=shareolite" "https://shareolite.com/api"

Use case 4: POST JSON data to a web server with the body content in a file

Syntax: curl -H "Content-Type: application/json" --data @filename URL

Example: curl -H "Content-Type: application/json" --data @body.json http://10.20.30.40/api/feed

Here body.json is the file holding the JSON request body.

Use case 5: POST data with Basic Authentication

Syntax: curl --data "data to be posted" --user name:password URL

Example: curl --data "client_id=1&client_name=shareolite" --user "testuser:testpassword" "https://shareolite.com/api"

Use case 6: Also print header information, using option -v

Syntax: curl -H "Content-Type: application/json" --data @filename URL -v

Example: curl -H "Content-Type: application/json" --data @body.json http://10.20.30.40/api/feed -v

As in use case 4, body.json holds the JSON request body.

Use case 7: Set a timeout for the connection request using --connect-timeout

Syntax: curl --connect-timeout (value in seconds) URL

Example:

curl --connect-timeout 20 https://shareolite.com      (20 seconds)
curl --connect-timeout 3.14 https://shareolite.com    (3.14 seconds)
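Use cases 4, 5 and 7 combined, as an added example that is not part of the original post: the Basic Auth credentials are read from a curl config file (-K) rather than passed with --user on the command line, where they would be visible in `ps` output and in the shell history. URL, user name, password and file names are placeholders.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: JSON POST with Basic Auth and a
# connect timeout, credentials kept in an owner-only curl config file.
set -eu

write_curl_config() {   # $1 = config path, $2 = user, $3 = password
  ( umask 077             # create the file readable by its owner only
    cat > "$1" <<EOF
user = "$2:$3"
header = "Content-Type: application/json"
connect-timeout = 20
EOF
  )
}

post_json() {           # $1 = config path, $2 = JSON body file, $3 = endpoint URL; prints the HTTP status
  curl -sS -K "$1" --data @"$2" -o /dev/null -w '%{http_code}' "$3"
}

# Placeholder usage (not run here):
# cfg=$HOME/.shareolite-curlrc
# write_curl_config "$cfg" testuser 'testpassword'
# post_json "$cfg" body.json https://shareolite.com/api      # prints e.g. 200
```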
 

Linux ethtool command line example to find LAN connection status

The Linux ethtool command line utility is very useful for collecting information on the status of network ports and physical link connectivity.

Below is an example of using ethtool to check whether a physical link is up or down. The interface name is passed as the argument to ethtool.


The interface name of a network port can be displayed with the ifconfig command, as below:

$ ifconfig
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 170.0.2.151  netmask 255.255.248.0  broadcast 170.0.2.255
        inet6 fe80::b1ba:7d9e:2da:2478  prefixlen 64  scopeid 0x20<link>
        ether 98:be:94:22:dd:da  txqueuelen 1000  (Ethernet)
        RX packets 10691  bytes 944151 (922.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1445  bytes 287378 (280.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0xbc580000-bc59ffff

Note the interface name eno1, which is the first network port.

Now, using ethtool, the link status can be displayed as below:

# ethtool eno1
Settings for eno1
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Supported pause frame use: Symmetric
        Supports auto-negotiation: Yes
        Supported FEC modes: Not reported
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
        Advertised pause frame use: Symmetric
        Advertised auto-negotiation: Yes
        Advertised FEC modes: Not reported
        Speed: Unknown!
        Duplex: Unknown! (255)
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        MDI-X: off (auto)
        Supports Wake-on: pumbg
        Wake-on: g
        Current message level: 0x00000007 (7)
                               drv probe link
        Link detected: no

In the output above, "Link detected" has the value "no", which indicates the physical link is down.

After connecting the physical link to the network port and re-executing the command, the status is displayed as below:

# ethtool eno1
Settings for eno1:
        Supported ports: [ TP ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Supported pause frame use: No
        Supports auto-negotiation: Yes
        Supported FEC modes: Not reported
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Advertised pause frame use: Symmetric
        Advertised auto-negotiation: Yes
        Advertised FEC modes: Not reported
        Link partner advertised link modes:  10baseT/Half 10baseT/Full
                                             100baseT/Half 100baseT/Full
                                             1000baseT/Full
        Link partner advertised pause frame use: No
        Link partner advertised auto-negotiation: Yes
        Link partner advertised FEC modes: Not reported
        Speed: 1000Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 1
        Transceiver: internal
        Auto-negotiation: on
        MDI-X: off
        Supports Wake-on: g
        Wake-on: g
        Current message level: 0x000000ff (255)
                               drv probe link timer ifdown ifup rx_err tx_err
        Link detected: yes

Note the change in the value of Link detected from "no" to "yes", and the connection speed.

Hope this helps those in search of a utility to debug LAN connection status.
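For scripting or monitoring, the added example below (not part of the original post) reduces the ethtool output to a one-line status and an exit code. The two samples are the lines that matter from the post's own before-and-after runs.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: summarise `ethtool <iface>` output.
set -eu

link_status() {   # reads `ethtool <iface>` output on stdin; prints "up <speed> <duplex>" or "down"
  awk -F': *' '
    /^[ \t]*Speed:/         { speed = $2 }
    /^[ \t]*Duplex:/        { duplex = $2 }
    /^[ \t]*Link detected:/ { link = $2 }
    END { if (link == "yes") print "up", speed, duplex; else print "down" }
  '
}

check_interface() {   # $1 = interface name, e.g. eno1; returns non-zero when the link is down
  local status
  status=$(ethtool "$1" | link_status)
  echo "$1: $status"
  [ "${status%% *}" = "up" ]
}

# Constructed from the post's two ethtool runs (cable unplugged, then plugged in)
sample_down() { cat <<'EOF'
Settings for eno1:
        Speed: Unknown!
        Duplex: Unknown! (255)
        Link detected: no
EOF
}
sample_up() { cat <<'EOF'
Settings for eno1:
        Speed: 1000Mb/s
        Duplex: Full
        Link detected: yes
EOF
}

sample_down | link_status   # down
sample_up | link_status     # up 1000Mb/s Full
# Live use: check_interface eno1 || echo "eno1 is down"
```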


Understanding Linux IPC message queues with command line examples

Inter-process communication (IPC) refers to the set of techniques for sharing data between two or more processes. Each process has its own address space and user space, and relies on the Linux kernel to allocate the space the processes use for communication.

One such IPC method is the message queue. It is a form of asynchronous communication, i.e. the sending and receiving processes need not interact with the message queue at the same time. Messages written to the queue are stored until the reading process retrieves them.

Below are a few properties of a message queue:

  • Each message queue is identified by a unique key / queue ID
  • There is a limit to the maximum number of messages stored and is configurable
  • There is a limit to the maximum size (bytes) of the queue and is configurable
  • It is created under a specific OS user with read / write permissions


Using message queues

Let's say two processes P1 and P2 use a message queue for IPC to exchange messages. Below is the sequence of events:

  • A queue name is identified during system design and a decimal queue key is assigned to it. In this example the queue key is decimal 9002, equivalent to hex 0x232A.
  • P1 and P2 are both coded to create the queue if it does not already exist.
  • When either P1 or P2 is started, the queue is created through Linux kernel calls and is identified by the hexadecimal equivalent of its key, i.e. 0x232A in our example. P2 switches to queue read mode as per its process logic.
  • P1 writes a message M1 of, say, 600 bytes to queue key 9002. Now there is 1 message pending in the queue and the total size of the queue is 600 bytes.
  • P2 reads message M1 from queue key 9002. Once the message is read the queue is cleared: pending count 0, total size of queue 0 bytes.
  • Suppose instead that P2 is not started. P1 writes 5 messages of 600 bytes: pending message count 5, total size of queue 3000 bytes.
  • Once P2 is started, it reads all messages in order of entry time: pending message count 0, total size of queue 0 bytes.

Key point: as the example shows, a queue fills with messages if the process that reads it is not started or is hung.

The Linux command ipcs, with or without the option -q, lists the message queue details. Example listing of the message queues created in the system:

$ ipcs -q

------ Message Queues --------
key        msqid      owner      perms      used-bytes   messages
0x000022b4 32769      shareolite 666        0            0
0x00002402 65538      shareolite 666        0            0
0x00002403 98307      shareolite 666        0            0

Where

  • “key” is the hexadecimal queue key,
  • “msqid” is the unique reference number allocated by the kernel for the queue, used together with the key by a process to read or write messages,
  • “owner” is the Linux user who created the queue,
  • “perms” are the read/write permissions with which the queue was created,
  • “used-bytes” is the total number of bytes used by the messages pending in the queue,
  • “messages” is the count of messages pending in the queue.

Example of a queue with pending messages:

$ ipcs -q
------ Message Queues --------
key        msqid      owner      perms      used-bytes   messages
0x000022b4 32769      shareolite 666        0            0
0x00002402 65538      shareolite 666        3600         45
0x00002403 98307      shareolite 666        0            0

The above shows 45 messages pending, consuming 3600 bytes in total, i.e. 80 bytes per message.


To remove a message queue together with its message contents, use the Linux command ipcrm with the msg keyword, passing the unique reference “msqid” of the queue, as below:

$ ipcrm msg 65538
resources deleted

 

To find the processes that write to or read from the queue, use the Linux command ipcs with option -p and look up the unique reference “msqid” of the queue, as below:

$ ipcs -p |grep 65538
65538 wdbs 25196 32410

Where 25196 is the PID of the process writing to the queue and 32410 is the PID of the process reading from it.
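The key point above (a queue fills up when its reader is stopped or hung) is something worth monitoring. The added script below, not part of the original post, scans `ipcs -q` output for queues whose pending count exceeds a threshold and reports the bytes-per-message figure worked out above, then looks up the last writer and reader PIDs the way the `ipcs -p` step does. The sample listing is constructed from the post's own second `ipcs -q` output.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: detect message queues that are filling up.
set -eu

queues_over_threshold() {   # $1 = pending-message limit; reads `ipcs -q` text on stdin
  awk -v limit="$1" '
    # data rows start with the hex key; columns: key msqid owner perms used-bytes messages
    /^0x/ && $6 > limit {
      printf "%s msqid=%s owner=%s pending=%s used-bytes=%s avg-bytes=%d\n",
             $1, $2, $3, $6, $5, $5 / $6
    }'
}

queue_pids() {              # $1 = msqid; `ipcs -p` columns: msqid owner lspid lrpid
  ipcs -p | awk -v id="$1" '$1 == id { print "last-writer-pid=" $3, "last-reader-pid=" $4 }'
}

# Constructed sample matching the post's second `ipcs -q` listing
sample_ipcs_q() { cat <<'EOF'
------ Message Queues --------
key        msqid      owner      perms      used-bytes   messages
0x000022b4 32769      shareolite 666        0            0
0x00002402 65538      shareolite 666        3600         45
0x00002403 98307      shareolite 666        0            0
EOF
}

sample_ipcs_q | queues_over_threshold 10
# 0x00002402 msqid=65538 owner=shareolite pending=45 used-bytes=3600 avg-bytes=80

# Live use, e.g. from cron: alert on any queue with more than 100 pending messages
# ipcs -q | queues_over_threshold 100 | while read -r key rest; do
#   echo "ALERT $key $rest"; queue_pids "${rest#msqid=}"; done
```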

 

Linux IPCS message queues kernel parameters

The Linux kernel parameters below decide the message queue characteristics:

kernel.msgmax

  • Maximum pending messages allowed in queue
  • Default value 65536

kernel.msgmni

  • Maximum queues allowed for creation
  • Default value 16

kernel.msgmnb

  • Maximum queue size in bytes
  • Default value 1048576 (1 MB)

 

These parameter values may be modified to suit the application requirements by configuring them in /etc/sysctl.conf as below.

kernel.msgmnb = 8388608
kernel.msgmax = 65536
kernel.msgmni = 1000

After configuration, either reboot the server or reload the settings with the command below. The changes take effect after this step for a fresh login to the OS.

$ sysctl -p

Hope this is useful to beginners for understanding the basics of IPC message queues and how to manage them.
