Has anyone successfully used the version of certbot in jessie-backports
to install https certificates from letsencrypt on Apache?
The reason for asking is that I haven't :)
It doesn't help that the version there is older than the one covered by
the documentation at <https://certbot.eff.org/docs/using.html> - there's
no 'certificates' command, for example.
I was looking to upgrade my VPS to the latest Ubuntu release this afternoon but ran across a problem. Whenever I try to run "do-release-upgrade” I receive the following error:
Checking for a new Ubuntu release
Get:1 Upgrade tool signature [836 B]
Get:2 Upgrade tool [1,265 kB]
Fetched 1,266 kB in 0s (0 B/s)
authenticate 'xenial.tar.gz' against 'xenial.tar.gz.gpg'
gpg exited 1
gpg: Signature made Wed 07 Dec 2016 09:10:01 GMT using RSA key ID C0B21F32
gpg: /tmp/ubuntu-release-upgrader-r7c80csz/trustdb.gpg: trustdb created
gpg: BAD signature from "Ubuntu Archive Automatic Signing Key (2012) <ftpmaster(a)ubuntu.com<mailto:email@example.com>>"
Authenticating the upgrade failed. There may be a problem with the network or with the server.
Searching online<http://askubuntu.com/questions/842706/how-to-upgrade-ubuntu-if-i-get-authen…>, this looks like it could be a problem with the xenial.tar.gz file on the local repo cache. Has anyone else had similar problems, and if so, how did you resolve them?
I suppose beyond that, has anyone successfully upgraded their Ubuntu VPS to 16.04? Were there any problems along the way?
If you do not use BitFolk's Entropy service and have no interest in
doing so then this email will be of little interest to you can be
If you haven't heard about the Entropy service before, please see:
If you *do* use the Entropy service though, I'm interested to know
what software you have that actually uses /dev/random (and not
Some background to this question:
To provide the Entropy service we use hardware entropy generators,
currently exclusively a pair of EntropyKeys manufactured by a UK
company called Simtec Electronics Ltd.
Despite the fact that these were extremely popular little devices
(compared to other fairly niche little gadgets), Simtec always had a
supply problem and then Simtec imploded as a company, so as far as I
know these are now impossible to obtain, the IP is lost forever etc.
Although I have one spare EntropyKey ready to put in service should
one of the two in service ever die (I've not experienced that yet),
that left me slightly worried as to what I'd do if I needed to get
Then I saw the OneRNG kickstarter, and decided to pledge. So now I
have 5 of (the internal USB version of) these:
I've not yet gone any further than verifying that they keep the
entropy pool full on the machine they're plugged into, but that's
good enough for now. Could be a decade before one of my existing
I have since heard that this device proved far more popular than its
manufacturer expected (sense a theme?) and they're now extremely
difficult to get hold of because they need to get a new batch made
in China. I've had multiple people contacting me on the basis of a
tweet I did about getting these, asking me to sell them mine (which
I would, but they didn't want internal USB).
The point I'm trying to make here is that the world of hardware
random number generators is not one with reliable supply lines,
unless you want to spend a fortune on some black box.
So when I came across:
I was sad that the nerdery that is the Entropy service may be
misguided, but also happy with the possibility that I might never
have to source a hardware RNG again.
Let's just take the argument posited by the article, that all
(Linux) software should just learn to love /dev/urandom¹, as true.
If you don't agree with this claim, you are disagreeing with some
pretty big names in crypto. The Hacker News commentary on the
article may also prove of interest:
At the very least, I feel the Entropy article on the BitFolk Wiki
needs an update in light of this. To justify the service's
existence, if nothing else.
Going further, the question becomes, well, what software is there in
existence that forces use of /dev/random with no configuration that
would allow otherwise? Because even if we agree that all software
*should* be using urandom, if some popular software *refuses* to
without recompile, then we're still going to have to provide an
Entropy service, because doing so is easier than running
So Entropy service users, what have you got that uses /dev/random?
¹ A more correct summary of it is probably, "urandom is fine all the
time except for on initial boot when a small amount of entropy
from outside the CSPRNG is desirable."
On shutdown all fairly modern Linuxes save the current entropy
pool to the filesystem and load it up from there on boot, so it's
only essential on first boot.
http://bitfolk.com/ -- No-nonsense VPS hosting
At around 06:52Z today we lost IPv6 connectivity for about 12
minutes. This was due to one of our colo provider's routers
They run a redundant network so it should failover, and did for
IPv4, but we're experiencing some problems with IPv6 failover which
meant it took longer than we would like or find acceptable.
The same thing happened last Thursday and that time initially due to
a miscommunication we believed that v6 was down because of the
router failure, when in fact it was not expected under those
Since then I have been working to identify why v6 failover takes so
long and to improve it, but we are not there yet.
The router that died today is the same router which died last
Thursday. It had been up for over 4 years and so its failure last
week was deemed an aberration and it was power cycled.
I have now flipped routes around so the other router is first choice
for v6, but will continue to work on v6 failover.
Apologies for the disruption!
https://bitfolk.com/ -- No-nonsense VPS hosting
announce mailing list
We're now in the position to be able to provide you with double your
current amount of memory for the same price.
Please contact support to ask for your upgrade and it will happen,
though your VPS may need to be moved between servers. If you're not
bothered then just do nothing and it will still happen eventually.
Unfortunately, while there is enough total capacity to do this, some
individual servers do not have enough spare memory to do it
immediately. Some customers will need to have their VPSes moved in
order to get the upgrade.
Experience has shown that this can be a lengthy process, so although
I am strongly opposed to offering new customers something that
existing customers can't have, I also do not want to spend that
whole time being less competitive.
So, those who want to have their upgrade just need to ask and you
can have it immediately, but we may need to move your VPS between
hosts to do it.
If you don't care then you can just do nothing and eventually when
enough moves have been done, the upgrade can happen all at once for
everyone who didn't get it yet.
Here's some more information:
If you have any questions that aren't answered there then please
ask, and the answer will be added there.
https://bitfolk.com/ -- No-nonsense VPS hosting
announce mailing list