Arch Linux vs Linux

I'm looking at this page:

It says "My HTTP website is running _______ (software) on ______ (system)"

I know my software is Apache, but the dropdown for "system" included "Arch Linux", but does NOT include "Linux". Are the two sufficiently equivalent FOR OUR PURPOSES (running Certbox to get an SSL certificate)? That is, why isn't plain "Linux" in the list??

Btw, my website is:

And, I have shared hosting on GoDaddy, and my Cpanel with them DOES have SSH.

1 Like

The Linux distro you are running informs what the installation instructions will be.

Linux is just a kernel, the rest of the operating system (like what package manager is in use) is the relevant bit.

If you use shared hosting, Certbot is not the right tool for you.

You can try something like CertSage ACME client (version 1.4.0) - easy webpage interface, optimized for cPanel, no commands to type, root not required

6 Likes

But I thought if my Godaddy Cpanel DOES provide SSH, then Certbox is appropriate. Why not? Are you saying if I install the Certbot using the script that will be provided to me (by typing "install certbox" on the command line) will not work?

BTW, I've just found talking to Godaddy that port 80 IS available and 443 is not which is the correct status before I get a Cert. And Godaddy does not have any firewalls.

The Linux distro you are running informs what the installation instructions will be.

That answer does not tell me (at my current level of ignorance) whether Arch Linux in your list of acceptable OSs is sufficiently EQUAL to "Linux" for purposes of Certbot script generation.

1 Like

Welcome to the Let's Encrypt Community!

Although you can access SSH through cPanel with GoDaddy shared hosting, you typically don't have access to your webserver configuration files, which are managed by cPanel. As @_az mentioned though, you can still use CertSage (of which I am the author) without any issues.

5 Likes

Certbot can be used without root access, but it's just not terribly useful in a cPanel environment. Certbot knows how to install SSL certificates to a standard Apache or nginx web server, but cPanel requires users to install certificates in a very specific way. I wrote a hook for Certbot to install certificates to cPanel which makes it possible, but it's all a bit of a hassle.

A client which is custom built for a cPanel environment is your best bet.

In fact, cPanel is perfectly capable of automatically creating its own Let's Encrypt certificates for your domains without you having to lift a finger, but GoDaddy disables this on their shared hosting plans (probably because they are a Certificate Authority themselves and it would cannibalize their profits)

6 Likes

Thanks to you all. The question is still not answered (Is "linux" without "arch" in front of it) adequate for the purposes of that function where you tell it which server (apache) and which OS. But I already learned that my linux does not have the SUDO command, which is needed if you need to "access the root" which some of you are saying isn't necessary but is a hassle if you don't. Will study the alternative path initially suggested, which does not involve Certbox.

2 Likes

The question is impossible to answer.
Let me relate it this way; Let's say:

  • Linux is an engine
  • all cars have some type of engine

Your question then reads: Is "Brand XYZ car" equal to "this Engine"?

There are many "engines" listed on that page.
Why are you trying to compare "Linux" only to "Arch Linux"?

<select name="os" id="os">
<option value="">System</option>
<option value="bitnami">Bitnami</option>
<option value="pip">Pip</option>
<option value="gentoo">Gentoo</option>                     <<<< contains Linux
<option value="fedora">Fedora</option>                     <<<< contains Linux
<option value="freebsd">FreeBSD</option>                   <<<< contains Linux
<option value="windows">Windows</option>
<option value="snap">Snapd</option>
<option value="debianstretch">Debian 9</option>            <<<< contains Linux
<option value="debianbuster">Debian 10</option>            <<<< contains Linux
<option value="debiantesting">Debian Testing</option>      <<<< contains Linux
<option value="ubuntufocal">Ubuntu 20</option>             <<<< contains Linux
<option value="ubuntuother">Ubuntu 19</option>             <<<< contains Linux
<option value="ubuntubionic">Ubuntu 18</option>            <<<< contains Linux
<option value="ubuntuxenial">Ubuntu 16</option>            <<<< contains Linux
<option value="arch">Arch Linux</option>                   <<<< contains Linux
<option value="centosrhel8">CentOS 8</option>              <<<< contains Linux
<option value="centosrhel7">CentOS 7</option>              <<<< contains Linux
<option value="opbsd6">OpenBSD</option>                    <<<< contains Linux
<option value="osx">macOS</option>
<option value="devuanascii">Devuan 2.0</option>            <<<< contains Linux
<option value="devuanbeowulf">Devuan 3.0</option>          <<<< contains Linux
<option value="devuanother">Devuan Testing</option>        <<<< contains Linux
<option value="tumbleweed">openSUSE tumbleweed</option>    <<<< contains Linux
<option value="leap">openSUSE 15</option>                  <<<< contains Linux
<option value="sharedhost">Web Hosting Service</option>
</select>

OR
Have I completely misunderstood your question?

4 Likes

I think GoDaddy probably run CentOS/RHEL/AlmaLinux/RockyLinux or similar, because that is cPanel's heritage. cPanel only very recently gained support for Ubuntu. So those would be the closest on the list.

The instruction generator only generates instructions for the basic use case - when you have root on the server. More advanced cases (like trying to use Certbot on shared hosting) are out of scope of that web page.

5 Likes

Because the question is asked on the 1st link I gave, "what operating system is apache running on?" You can't type in an answer; you can only pick from their dropdown list of OSes. Try it. You'll see that "Linux" (which is the OS Godaddy says is the OS that my server's Apache is running on) is not in the list. The closest thing to it is "Arch Linux". "Linux" without the "arch" prefix is not listed. Please tell me this makes sense to you.

1 Like

It kinda makes sense if I try to see it from a very novice perspective, but in reality it doesn't.

"Arch" is the name of one kind of flavor of Linux. It's very different from other kinds of Linux distributions. It's impossible to have a "one size fits all" generic Linux option, so that's the reason you don't find just "Linux" in the pull down box.

6 Likes

That is where "the problem" starts.
Godaddy should be much more specific than just "You have mail Linux".

5 Likes

So you should be able to cat /etc/os-release and uname -a to gain addition information about the Linux being supplied to you.

And while you are at it please capture the output of certbot --version or certbot-auto --version.

Then share the results.

2 Likes

Bruce, I'm not sure we're talking about the same thing. In cPanel's security section, the first item there is SSH Access. Clicking gets me a page saying:

"SSH Access
SSH allows secure file transfer and remote logins over the internet. Your connection via SSH is encrypted allowing the secure connection. In this section you can manage your SSH keys to allow automation when logging in via SSH. Using public key authentication is an alternative to password authentication. Since the private key must be held to authenticate, it is virtually impossible to brute force. You can import existing keys, generate new keys, as well as manage/delete keys.

"SSH (Secure Shell) is a program to log into another computer/server over a network securely. It provides strong authentication and secure communications over insecure channels. Your login, commands, text are all encrypted when using ssh.

"Manage SSH Keys
The public and private key are similar to a puzzle. They are created together to use during the login/authentication process. The public key resides on the server (the remote location). The private key resides locally on your computer/server. When you attempt to login to a server, the public and private key are compared. If they “match”, then you will be allowed to login to the server location."

Then it has a button "Manage SSH Keys". That page says I have no public or private keys installed. I can generate new keys or import a key. But there's no place to enter what I suspect are command prompt commands to the operating system. Please help me understand what's going on here. I'd be glad to use your commands to gather info about this environment but am stuck.

1 Like

I'm not sure how SSH related to all this? Note that the old name for the protocol used in HTTPS is called SSL, not SSH. Nowadays the protocol is called TLS by the way.

Ah, I see the relation now. Bruce quoted you saying you have SSH access. Bruce means you could use your SSH access to run the suggested commands.

6 Likes

Probably it is me; I had inferred that when they said SSH
I took that for the answer to the Help Topic Question
I can login to a root shell on my machine (yes or no, or I don't know):

My bad again, sorry! :frowning:

2 Likes

No, your reply was fine and on point :slight_smile: I'm just guessing OP has no clue what SSH is and what to do with it.

4 Likes

To Osiris and all others interested, yes I AM very novice at Linux, but not at programming or OS usage. I used to be a programmer. Working with and sometime writing OS-specific code included OS/360, DOS/VS (etc), TRS-DOS, LDOS (TRS-80), PC-DOS, MS-DOS, Windows through 10, but I've never touched Apple or Unix/Linux. I DO know my excellent DVR from Spectrum, the 6-tuner models from Arris, etc., is a linux box, therefore I feel it can generally be trusted from an OS standpoint.

Here's my problem. I don't understand why "flavor" of an OS has any relevance. Any application program should (I would think) be written for the OS, Linux in this case, and NOT for any "flavor" that might exist. If you make use of OS-calls, you'd call the standard calls provided by Linux for app writers to use, just like MS made MSDOS calls available to PC programmers. But I don't know the depth to which creating a "flavor" of Linux opens up windows of opportunity for programmers to shoot themselves in the foot by writing applications that need a specific "flavor" of Linux. Just keep it Linux and you can run on ALL flavors.

Okay now. What am I missing in this huge world that you all are a part of?

1 Like

Unfortunately, it's not that simple. As already said, "Linux" is just the kernel. Applications usually won't directly interface with the kernel, but with system libraries, often the GNU C library (glibc). That's why you'll often come across the term "GNU/Linux".

image

But with just a kernel and a standard library, you don't have a full OS. You'll need lots and lots more of applications to have a simple running system, often those are GNU applications too. E.g. init.

On top of the kernel, standard library and the must-have applications, you can build A LOT of different types of user interfaces and all kinds of different applications, which makes a "distribution", such as Ubuntu, Debian, CentOS, RedHat, Gentoo, Arch to name a few.

All these different kind of distributions, build upon the Linux kernel and GNU standard library/applications, often have different kind of ways to manage packages (i.e.: applications). E.g., Ubuntu and Debian use apt to install and remove applications, CentOS and Redhat (and others) use RPM and Gentoo uses Portage. Although Ubuntu is moving more and more to snapd, which is currently the main method of distribution for Certbot.

So in the world of Linux, there is no "One size fits all" possible: guides and instructions need to be tailored to the exact distribution used by the user and that's why the Certbot instructions have no generic "Linux" option to select from. It's mainly the package manager responsible for all these different kinds of instructions.

5 Likes

Griffin, THANKS for that great script you wrote! My site's been dead for some years. (Site is unusual in numerous way; multi purpose, main purpose made inactive due to the criminals in government and big pharma, old style, old code, old programmer, ha ha.) I may slowly resurrect it if I have time before I die, and I discovered 2 years ago Google is deranking if a number of things are not true, a high priority one being having SSL certificate. I understand their reasoning. Heck as I was starting my site in 2009, a hacking done to me might have been prevented if I could have prevented "sniffing". So this is valuable. I'd heard of free ones. I wanted a free one to go for a year, but only domain level as I'm not directly taking payments. (I wasn't even in the past; was only re-directing to Paypal.) But during my many hours of researching, I learned the best deal may have been $28 for 5 years of Digicert. (I asked a GoDaddy support person if he knew of 3rd party cert providers who used GoDaddy shared hosting. That was one of two.) Heck, I don't know whether my site will be around for years (or me for that matter; am fighting a potentially serious disease). And though my S.S. income is low, I have no job and am in subsidized senior housing, I DO feel I should give you the $20 I just sent you. THANK YOU for making this! Yes, I'll just have to get used to running it every 2 months, but heck you let me put in 2 email addresses to remind me! What more could I ask for, except maybe a little support. But you and the others are giving that here. As a former seasoned programmer, I remember that we coders get lost in code and think of our user interface AND our documentation in terms of how we wrote the code and how we KNOW the algorithms work. But that's often different from the way a user sees things and thinks. Now that I've been a user-only for a few years, I may be able to help. I wrote down in explicit detail what the user has to do. May I type it up and send it to you in some way? Then if you so choose, you can update your instructions page to make it super easy for even guys like me who have become brain dead to make it work. I haven't typed it yet, but I'd be happy to when I can, if there's some way to email. If needed, I can post my email in a post, and after you say you have it, then I can delete my post.

2 Likes

Osiris, are you implying that the MS Windows System Call interface and Kernel do a lot more functions than those in Linux, and that therefore Linux flavors allow apps use features available in one flavor but not another? (I hope I've said it right.) This would mean one installing Linux would have to decide which flavor to run based on a limited set of applications they want to run on that hardware. Linux appears not to be a general all purpose OS like Windows and MacOS are intended to be.

1 Like