Adding SSL with Let’s Encrypt!


Adding SSL to a website sure is easier than I remember.  I’ve been vaguely aware of the fact that free SSL certificates were now available from Let’s Encrypt.  I’ve been spending most of the day geeking out with AWS server stuff so I decided now would be a good time to see what exactly is involved, and I was absolutely stunned at how easy the process is!

I started with an Ubuntu Server running Apache; no SSL configured at all.  I pointed my browser at https://certbot.eff.org/.  It gives you a couple of big, friendly drop-down menus where you specify the web server software and OS you are using, and it redirects you to a page of step-by-step instructions.

If you are at all familiar with working at the command line, the process could not be much simpler.  Following are the steps I took for Apache on Ubuntu Server, but I assume the process will vary depending on your environment.

On my server, I ran the command wget https://dl.eff.org/certbot-auto to get the software that bootstraps the process.  Once it downloaded, I ran chmod a+x certbot-auto to make the file executable, and then ./certbot-auto to kick it off.

At this point, certbot used apt to download all the package dependencies. Since I had a simple, bare-bones Apache configuration, it gave me the following dialog in a text interface:

No names were found in your configuration files. You should specify ServerNames in your config files in order to allow for accurate installation of your certificate. If you do use the default vhost, you may specify the name manually. Would you like to continue?

Being the slacker that I am, I naturally opted for the path of least resistance, and answered affirmatively.  Then it presented another dialog:

Please enter in your domain name(s) (comma and/or space separated)

Simple enough.  I entered my domain and then:

Please enter email address (used for urgent notices and lost key recovery)

After entering my email address, it provided me with a dialog to agree with the TOS.

Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory

Who am I to argue?  I agreed, and then got:

Please choose whether HTTPS access is required or optional.

Easy – Allow both HTTP and HTTPS access to these sites
Secure – Make all requests redirect to secure HTTPS access

Nice!  It even gives you the option of configuring your server so that non-secure requests are redirected to https.  Yes, please!

After a bit more churning:

Congratulations! You have successfully enabled https://ericasberry.com

You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=ericasberry.com

That was it!  Didn’t even have to restart Apache (I presume it did that for me in the background).  I went ahead and verified the configuration as suggested, and my site is now A-rated!  That’s more than I can say for chase.com, which currently only rates a measly B grade.  Take that, mega bank!

The only catch seems to be that the certificates are only good for 90 days.  But it looks like all you have to do is set up a cron job to run “certbot-auto renew” every 3 months to take care of that.  Since I just set it up, I haven’t tried that step, but I’ll try to remember to update this post when the time comes.
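
Why the renewal schedule matters, as an added example (not from the original post or from certbot's own code): by default `certbot renew` only replaces certificates with less than 30 days left, so a job that fires once a quarter can skip a still-fresh certificate and come back only after it has expired. The issue date and both schedules below are constructed sample values, and `simulate` is a hypothetical helper that models this rule at whole-day granularity.

```python
from datetime import date, timedelta

CERT_LIFETIME = timedelta(days=90)  # validity period mentioned in the post
RENEW_WINDOW = timedelta(days=30)   # certbot default: act only when < 30 days remain

def simulate(issued, run_dates):
    """Replay scheduled `renew` runs; return (log, total days served expired)."""
    expires = issued + CERT_LIFETIME
    lapsed_days = 0
    log = []
    for run in sorted(run_dates):
        if run > expires:
            # The site served an expired certificate until this run fixed it.
            lapsed_days += (run - expires).days
        if expires - run < RENEW_WINDOW:
            expires = run + CERT_LIFETIME
            log.append((run, "renewed"))
        else:
            log.append((run, "skipped"))
    return log, lapsed_days

ISSUED = date(2016, 9, 18)  # constructed sample issue date

# Constructed schedule: a cron job firing on the 1st of every third month.
QUARTERLY = [date(2016, 10, 1), date(2017, 1, 1), date(2017, 4, 1),
             date(2017, 7, 1), date(2017, 10, 1)]

# Constructed schedule: a job firing every day for 400 days.
DAILY = [ISSUED + timedelta(days=n) for n in range(400)]

if __name__ == "__main__":
    for name, runs in (("quarterly", QUARTERLY), ("daily", DAILY)):
        log, lapsed = simulate(ISSUED, runs)
        renewals = [d.isoformat() for d, action in log if action == "renewed"]
        print(f"{name}: {len(renewals)} renewals, {lapsed} days expired")
        print("  first renewals:", ", ".join(renewals[:3]))
```

Scheduling the job daily is safe because every run outside the 30-day window is a no-op.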

Quick tip for joining lines with a separator in vim

Every so often I need to deal with some exported database id’s that come in the form of a CSV file.  The trouble is, instead of having the id’s one per line, I really need them on a single line, comma-separated so that I can use them in an ‘in’ clause in some kind of query.  I always remember this is easy to do in vim, but I can never remember the syntax.  So here it is, for my (and maybe somebody else’s) future reference:

:%s/\n/,/

: to enter command mode

% to select all lines

Then the substitute command to search and replace all newlines in the selected block with a comma.  Of course you could use the pipe character or whatever other delimiter you need in place of the comma.

Now that I’ve written it down somewhere hopefully I’ll never forget it!

janrain social sharing to twitter: an error occurred

Just a quick note, mostly to myself, but maybe this will help out somebody else doing a google search down the road, because I sure didn’t have much luck finding anything.

Today, for the second time, I got bitten by Janrain’s poor diagnostics when it comes to error handling with their social sharing.

I got bitten by this same scenario probably six months ago, but had forgotten the details, which made it all the more aggravating when I wasted time trying to figure it out again today.  I was just putting the finishing touches on a new feature, and regression testing social sharing to Twitter through Janrain, when suddenly every attempt to share to Twitter began failing, with no information from Janrain other than “An error occurred”.  Yeah, really helpful guys.

I was finally able to track down the issue.  I was just sending a test tweet on a private account, so I didn’t really care about the content, and I was reusing the same content over and over.  Apparently the Twitter API detects that the content is being duplicated at some point and begins rejecting the tweets with an error (don’t have the exact code handy as I’m writing this, but it’s obvious that it’s being rejected because it’s a duplicate tweet).  Janrain, instead of reporting this detail, just squelches it and reports “An error occurred”.  I was only able to figure this out by looking at the HTTP requests.

So, if you suddenly run into this mysterious generic error with Twitter and Janrain social sharing, and are attempting to tweet the same content, this could be the culprit!  Just change up the content and all your problems will be solved (until the next one).

Porting Cell Phone Number Verizon -> Straight Talk -> Google Voice

In an effort to cut costs, my wife and I decided to switch our cell service from Verizon to Straight Talk.  We would have done it sooner had we realized that we could use our existing Verizon phones with a Straight Talk SIM card.  I had assumed since Verizon was CDMA, and not GSM, that we would have to buy new phones to switch, but that turned out not to be the case.  We decided I would be the guinea pig and port my phone first.

I verified our phones were indeed eligible and ordered SIM cards from their BYOP (Bring Your Own Phone) site.  Even though we’ve lived in Tampa over a year now, I still had my Atlanta cell phone number. My original plan was to establish service with a new Tampa number (time to get local!), and keep my old service active for a while until I determined whether Straight Talk’s service was any good.  Then I could give people my new number, and discontinue my old service with the Atlanta number.  Seemed like a good time to make the switch.

The first hiccup in my plan was that in order to activate an already active phone on Straight Talk, you have to port your existing number from your current provider.  You can’t just take out the old SIM card and put in the new one.  They are very explicit about this in the activation process.  I was hoping to avoid the potential pain of the porting process, but it seemed there wasn’t really going to be any way around that.  Oh, well.

I started the activation process around 8pm, and hoped it would be done in a couple of hours.  It wasn’t.  When I woke up the next morning, Straight Talk’s website still indicated the porting process was “in progress”, with no additional details.  Around noon, it still showed “in progress”.  I finally initiated a customer service chat to make sure there weren’t any issues.

When you fill out the porting form with your existing carrier account information, one of the things they ask for is your billing zip code.  As it turns out, they don’t want your current billing zip code.  They want the billing zip code that you used when you created the account.  So if you moved at any point after establishing service with your original carrier, your port will get stuck.  But Straight Talk won’t tell you that.  (To be fair, I guess they would have eventually).  Straight Talk’s porting form gives no indication of this; it just asks for your “billing zipcode”.  But the customer service rep stated this requirement as if it should have been obvious.

I had to think back to when we first established service with Verizon to remember what our zip code was.  I gave it to the rep, and apparently I guessed right!  She told me, very specifically, my port request would be “completed today at 3:37 PM EST”.  Pretty sure it was actually done a couple of hours before that.  Once it went through, my phone service was indistinguishable from when it had been directly with Verizon; it was just a lot cheaper.  The phone even still showed Verizon as the carrier, which makes sense, since Straight Talk is just reselling their network (as well as those of other carriers).

I still really wanted to get a local Tampa number. I found out that you have to order a new SIM card to do this.  After selling a bunch of stuff on eBay, I decided this would be a good time to finally upgrade to an iPhone 6+.  That way, I could establish the new number on my new phone, and keep the old service active on my old phone while I transitioned and gave people my new number.

So, I ordered an AT&T compatible GSM SIM card from Straight Talk, and when it was delivered, picked up my iPhone 6+ at the Apple Store.  That, by the way, was a smooth process.  I ordered the unlocked phone using the Apple Store app on my old phone, for pickup at the Apple Store.  Walked in, showed them my order with a QR code displayed by the Apple Store app, showed them my ID, and they brought it right out and I was on my way.

But I digress!  This part of the process was much more straightforward.  I logged on to Straight Talk’s website, entered all the requisite info about the SIM card, and my phone was activated pretty much instantly.  The one thing that was a little disappointing was not getting any kind of choice on the number.  With some phone services (e.g. magicJack) you can pick from a list, or even request a specific number if it’s available, so you can pick one that’s easily memorizable, but with Straight Talk, you apparently just get whatever they decide to give you.

Now the conundrum:  what to do about my Atlanta number?  I set up call forwarding on that line to my new one, but that’s only a very temporary solution.  Obviously I wasn’t going to maintain two lines of service.  I gave my new number out to my family, but there are so many people that still have my old phone number from over the years.  What to do?

Then I wondered if you could port a cell phone number to a Google Voice account?  If I could associate my Atlanta number with a Google Voice account, I could just forward all the calls to my new number, and not have to pay for service for that old number.  I could also hold on to that number for a good long time!  Turns out you can!  Bingo!  I had an old Gmail account with an associated Google Voice number that I haven’t used in years.  It should be noted, Google does charge a one-time $20 fee for porting the number, which is refunded if it turns out they can’t complete the porting process for whatever reason.  You can even keep your original Google Voice number as well, if you want, for another $20.  Otherwise, it goes away 90 days after the porting process completes.

I did a few google searches to see what other people’s experiences had been, and then I threw caution to the wind and decided to go for it.  A couple of hours after I initiated the process with Google, I got a notification from them that there was a problem with my port.  They indicated that I had given an invalid account number.

Straight Talk didn’t show me an account number on the “my account” screen.  According to the Google searches I had done prior, if you had a BYOP SIM, the account number was the last 15 digits of your SIM card number and your billing PIN was “0000”.  I think that is probably true for GSM phones (e.g. AT&T or T-Mobile), but I finally found that since my phone was a CDMA phone, the account number was actually the IMEI or MEID number on my phone. (On the iPhone, you can find this in Settings -> General -> About).  I believe I entered the IMEI number; at least on my phone they were the same number, except the MEID number had one less digit at the end.  Also while reviewing this, I realized I had set a PIN on my Straight Talk account, so I used that instead of “0000”.

After resubmitting, I didn’t hear back from Google for a while.  I did receive a call from (866) 667-6470, which I didn’t recognize, so I didn’t answer.  In my experience, these types of numbers are usually either telemarketers or bill collectors looking for somebody I’ve never heard of.  I usually google these numbers just to check, and it turns out this one is associated with Straight Talk.  But, they didn’t leave a message, so I didn’t do anything.  I checked my account on their website a little while later, and noticed where my Atlanta phone number used to display, it now showed the SIM card number instead, and labeled it an “inactive phone”.  Google, however, still showed the port in progress, and I checked, and still had service on the phone despite Straight Talk’s page claiming it was inactive.

Nothing else happened until the next morning, when I woke up I had an email from Google indicating the port was complete!  It took a total of about 22 hours from the original submission.  Mission accomplished!

Hopefully somebody else will be searching Google like I was, and find this information helpful!

My experience selling used items with Amazon’s “FBA”

I’ve got a lot of stuff lying around that I no longer use that I really need to get rid of.  Instead of using eBay or Craigslist, I decided to experiment with selling 3 items on Amazon using their “Fulfilled by Amazon” program.  One reason it really appealed to me in my zeal to declutter is that Amazon actually handles all the fulfillment, so you ship the items to them immediately, and the clutter is gone.  Once they make their way to the warehouse, Amazon can fulfill them with Amazon Prime, which you figure a buyer has got to love.  Finally, it seems like most of the sellers price their used items so high that it should be easy to undercut with the lowest price and still really feel good about the amount of money you’re getting, even after Amazon takes their cut.

First, let me say, it’s obvious that this program is really geared for people who are running a business with regular inventory.  As easy to use as the consumer facing Amazon web interface is, it is amazing just how clunky and baffling the workflow through the FBA interface is for a simple guy like me just trying to sell his stuff.  It’s truly awful.

I decided to start with three items.  Here’s what happened:

  1. One item listed for $70, Amazon has designated as damaged by the carrier. Supposedly I’m going to get reimbursed for that at some point, but it’s not clear how much or when.
  2. Second item listed for $160 and sold relatively quickly, shipped to buyer Amazon Prime. This item was like new and in the original box. Two weeks later the buyer returned it to Amazon. Amazon has now designated it unsellable because it is defective. WTF? So now my only option is to have them send it back to me, and see if the guy really broke it, or what the deal is. Which of course I have to pay for.
  3. Third item listed for $30 sold after a few days, without incident (so far).

Amazon rocks for buying things and they get a much larger portion of each of my paychecks than they probably should, but as far as selling my used stuff, I’m thinking I need to stick with either eBay or Craigslist …