Post

Using Let’s Encrypt and Interworx

So I thought I was a hotshot borrowing a script from another blog for another issue with our Interworx cluster.  Now, we’re unique for the company that I consult for, they use:

  • Interworx with multiple nodes
  • AWS
  • Cloudflare
  • Load balancers not part of Interworx

It’s quite the slick setup… Cloudflare perks, load balancing, and great performance from the Interworx product.  That said, to just manage the website, we wanted to use Let’s Encrypt for SSL use to manage the nodes.   Below is a script I modified from this blog to serve the purpose and is free for you looking to do the same!

#!/bin/bash

user=[email protected]

key=$(cat /etc/letsencrypt/live/interworxnode.yourdomain.com/privkey.pem)
sslcrt=$(cat /etc/letsencrypt/live/interworxnode.yourdomain.com/fullchain.pem)

cypher=HIGH:MEDIUM:!EXPORT:!SSLv2:!SSLv3:!TLSv1:!ADH:!aNULL:!eN ULL:!NULL:!LOW

nodeworx -u $user -o pretty -n -v -c Ssl –ssl_ciphersuite $cypher –key $key –crt $sslcrt –restart_now 1 –services SSL_Apache,SSL_IWorxWeb –action updateall

So, a few things here:

  • You need to create a siteworx account just for the domain itself, in my example, interworxnode.yourdomain.com should be created just for the sole purpose of generating Let’s Encrypt certs using the standard method in the Interworx SSL config panel.  So create the SSL certs first using Interworx for your domain you just created so it is there before running the script above.
  • Interworx will take care of renewing the certificate through it’s own jobs that are active, so you don’t need to do anything with renewals for Let’s Encrypt.
  • This script can be a cronjob to run quarterly during the year, then you will ensure you get a new cert updated into the admin portal.  I run mine in July, October, January, and April, for example.  The goal of this script is to just “steal” the SSL certs from the interworx site and reapply them to your admin portal.
Post

VirtualBox on Fedora with Windows 10 guest and tagged VLAN

TL;DR Shutoff “Priority enabled and VLAN enabled” in device manager, set it to just “Priority Enabled”

So I switched to VirtualBox 5.1 and so far, so good.  The one issue I was having was running a trunk with an untagged VLAN and a tagged VLAN for my guest. I doublechecked my tagging on the switch, I doublechecked my tagging in Fedora, but it never worked in Windows 10 for the tagged VLAN, only the untagged VLAN.  Finally, and I don’t understand why, but I went into the Windows 10 Network settings for the actual NIC in device manager and changed “Priority enabled and VLAN enabled” to just “Priority Enabled” and it works like a champ.  It appears that Windows ability with the Intel Pro card and the way VirtualBox will tag and untag packets for you is incompatible with the Windows 10 driver even though Windows isn’t managing the VLAN functionality.

Post

Internet Explorer 8 and the iertutil.dll processor loop

So I was banging my head on a client’s machine the other day with a unique error.  IE8 was in a processor loop with iertutil.dll , which I observed using Process Monitor.  I tried the normal repairs of addons being disabled, reinstall IE8, Flash, Java, etc.  Finally, I found what the problem was.  See, the issue only occurred on a page or two and not most pages, that should have been a clue.  The user accidentally turned on “Compatibility Mode” for finance.yahoo.com and whatever code Yahoo through at it through Compatibility Mode caused the loop, just disable it and save yourself the 1hr plus I put into it 🙂