My letsencrypt.org config

Client: https://github.com/kuba/simp_le

Post updated Jan 2nd, 2016 to include new mandatory configuration keys needed when calling simp_le

After installing the client make a symlink to it:
ln -s /usr/local/src/simp_le/venv/bin/simp_le /usr/local/sbin/simp_le

Crontab:
0 * * * * /usr/local/scripts/renew_certificates.sh

renew_certificates.sh script snippet:
#!/bin/bash

cd /etc/ssl/letsencrypt/www.ovidiudan.com/
simp_le -d www.ovidiudan.com:/storage/www/www.ovidiudan.com/htdocs/ --email youraddress@yourdomain.com -f account_key.json -f key.pem -f cert.pem -f fullchain.pem && service apache2 reload
chmod -R 770 /etc/ssl/letsencrypt/www.ovidiudan.com/
chown -R www-data.www-data /etc/ssl/letsencrypt/www.ovidiudan.com/

touch /tmp/renewed_certificates

Apache config example to place inside VirtualHost:443 tag:

SSLEngine On

SSLCertificateFile /etc/ssl/letsencrypt/www.ovidiudan.com/cert.pem
SSLCertificateKeyFile /etc/ssl/letsencrypt/www.ovidiudan.com/key.pem
SSLCertificateChainFile /etc/ssl/letsencrypt/www.ovidiudan.com/fullchain.pem

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLVerifyClient none
SSLVerifyDepth 1
SSLCipherSuite EECDH+AES:AES256-SHA:AES128-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH:!EXP:!SRP:!DSS:!LOW;
Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains"

Results from https://www.ssllabs.com/ssltest/:

ssl

Read More

Tvheadend installation order for DVB-C OTA

  • Configuration > DVB Inputs > Select Tuner > General Tab > Configure it under Adapter configuration
  • Click on “Add DVB Network by Location” or go to multiplexes tab and add it manually
  • Come back to General Tab, click on Map DVB Services to channels (this seems to activate epg grabbing from OTA)

Read More