Adding Let’s Encrypt certbot to your site

For fun today I installed certbot, formerly known as Let’s Encrypt, on one of my personal projects in order to get a free SSL cert for the site. It was pretty straightforward and worked very well! Below are notes and tips that may help your install.

My server is running Debian Linux with an nginx web server.

  1. Go to and enter your flavor of Linux and type of server. If you’re unsure what distro/flavor of Linux you have, type this on the command line: “cat /etc/issue”.
  2. For my combination, the fully automated solution was not available. Their automated solution will prompt you for which sites on your server you want to install the certificate for, and then it will edit your nginx conf files for each site so the certificate is used. I haven’t tried this myself, but automated things like this make me wary, so I probably would have done the manual install anyway.

  3. The next step was to follow the instructions on the following page as the root user. I won’t go through them in detail as it really is just following their instructions and commands provided. I did add the Jessie backports as described here. I used the webroot install approach.
  4. I initially had some trouble because one of my sites is using the Yii framework and I didn’t point the certbot certonly command at the webroot, but instead at the code root of the framework. The process will create a .well-known directory and it must be within the webroot so it can be authenticated. The .well-known directory will be empty and it’s OK to have it owned by the root user and group. A successful run of the certbot certonly command will result in a message like “Congratulations! Your certificate and chain have been saved…”
  5. The next thing is to configure your nginx conf file to use the new cert. Also don’t forget to change your conf file to listen to port 443 instead of port 80.
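    server {
    	# "listen ... ssl" enables TLS on this listener; it replaces the
    	# obsolete standalone "ssl on;" directive.
    	listen 443 ssl;
    	# Certificate chain and private key issued by certbot.
    	ssl_certificate /etc/letsencrypt/live/;
    	ssl_certificate_key /etc/letsencrypt/live/;
    }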

    Then restart nginx. You may also need to make application changes so the site uses an HTTPS domain depending on the framework or type of application you have.

  6. The last thing to know is that the certbot certonly command will create a cron job for you at /etc/cron.d/certbot with the contents below, which tries to auto-renew twice per day:
    0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew
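
A pre-flight check for the webroot mistake in step 4, as an added example that is not part of the original post. It also flags a config with no port 80 listener, because Let’s Encrypt’s HTTP-01 validation, which the webroot method and the renewal cron job rely on, connects to port 80 first. The function names, paths and sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight checks before
# running `certbot certonly --webroot -w WEBROOT -d DOMAIN`.
# All paths and the sample nginx config below are constructed.

# Print the value of the first `root` directive in an nginx config file.
nginx_root() {
    awk '$1 == "root" { sub(/;$/, "", $2); print $2; exit }' "$1"
}

# Succeed if the config has a listener on port 80 (with or without an address).
has_port80() {
    grep -Eq '^[[:space:]]*listen[[:space:]]+([^;[:space:]]*:)?80([[:space:];]|$)' "$1"
}

# check_webroot CONF WEBROOT: print one finding per line; return 0 if clean.
check_webroot() {
    cw_conf=$1
    cw_webroot=${2%/}
    cw_rc=0
    cw_served=$(nginx_root "$cw_conf")
    # The .well-known directory must land inside the directory nginx serves.
    if [ "${cw_served%/}" != "$cw_webroot" ]; then
        echo "MISMATCH: nginx root is '$cw_served', certbot -w is '$cw_webroot'"
        cw_rc=1
    fi
    # Without a port 80 listener the challenge file cannot be fetched.
    if ! has_port80 "$cw_conf"; then
        echo "NO_PORT_80: HTTP-01 validation connects to port 80 first"
        cw_rc=1
    fi
    return "$cw_rc"
}

# Constructed sample: framework code lives in /srv/app, nginx serves /srv/app/web.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
server {
    listen 443 ssl;
    server_name example.com;
    root /srv/app/web;
}
EOF

# Pointing -w at the code root reproduces the mistake described in step 4.
check_webroot "$sample_conf" /srv/app || true
```

Run against the sample, the check reports both findings: the `-w` path is the code root rather than the served directory, and the site no longer answers on port 80.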

Magento Error Warning: mcrypt_generic_deinit(): Could not terminate encryption specifier

I ran into the below error today while working with Magento 1 and registering a customer during checkout.

[10-Apr-2018 13:49:47] WARNING: [pool www] child 1731 said into stderr: "NOTICE: PHP message: PHP Fatal error:  Uncaught exception 'Exception' with message 'Warning: mcrypt_generic_deinit(): Could not terminate encryption specifier  in /var/www/myproject/htdocs/lib/Varien/Crypt/Mcrypt.php on line 135' in /var/www/myproject/htdocs/app/code/core/Mage/Core/functions.php:245"
[10-Apr-2018 13:49:47] WARNING: [pool www] child 1731 said into stderr: "Stack trace:"
[10-Apr-2018 13:49:47] WARNING: [pool www] child 1731 said into stderr: "#0 [internal function]: mageCoreErrorHandler(2, 'mcrypt_generic_...', '/var/www/myproject...', 135, Array)"
[10-Apr-2018 13:49:47] WARNING: [pool www] child 1731 said into stderr: "#1 /var/www/myproject/htdocs/lib/Varien/Crypt/Mcrypt.php(135): mcrypt_generic_deinit(Resource id #180)"
[10-Apr-2018 13:49:47] WARNING: [pool www] child 1731 said into stderr: "#2 /var/www/myproject/htdocs/lib/Varien/Crypt/Mcrypt.php(54): Varien_Crypt_Mcrypt->_reset()"
[10-Apr-2018 13:49:47] WARNING: [pool www] child 1731 said into stderr: "#3 [internal function]: Varien_Crypt_Mcrypt->destruct()"
[10-Apr-2018 13:49:47] WARNING: [pool www] child 1731 said into stderr: "#4 {main}"
[10-Apr-2018 13:49:47] WARNING: [pool www] child 1731 said into stderr: "  thrown in /var/www/myproject/htdocs/app/code/core/Mage/Core/functions.php on line 245"

The problem is the encryption key in app/etc/local.xml was empty. Add one to solve the problem.

The Phoenix Project book takeaways

I just finished listening to the audio book of The Phoenix Project. I had a few primary takeaways from this book:
1. Reduce WIP (work in progress). I’ve been on projects in my career where when we’d get blocked on doing some work, we needed to keep the team busy so we’d pull in other work. Soon enough you’d have 100 initiatives going on at once and be able to devote only ten minutes per week to each. In this project we paused for two weeks where no new work was added and we just focused on completing the work already in progress. It reduces context switching and allows more work to get completed.

2. Automated builds and deployments. I’ve also been on teams where this has been done and it’s fantastic. Building and maintaining the tool itself takes effort, so plan for that. But, once it’s finished you can deploy all day with consistency and accuracy.

3. Identify your workflow’s constraint (bottleneck). Any improvements to the workflow that are not at the constraint are worthless.

4. Unplanned work prevents you from meeting your goals. Minimize this.

Here are a couple of great resources for notes and takeaways and

How to update a Google Compute Engine instance

My Google Compute Engine instance is running Debian. As I’ve read, those running CentOS and Red Hat Linux have a nightly yum update, but not servers running Debian Linux. If you’re unsure which version of Linux you have, run

cat /proc/version

My Debian Linux Google Compute Engine instance has apt-get installed and not yum. Run this command to have it check for and print updates; it won’t install them.

apt list --upgradable

If you haven’t upgraded software in a while, you’ll see a long list of packages that need to be updated.

There are a few different ways to install the updates as described here and here. I usually run

apt-get -y dist-upgrade

Afterward, if you run “apt list --upgradable” again it’ll just say “Listing… Done” since nothing needs to be updated.

Magento 2 vs Magento 1 pricing differences

Advanced Pricing

Advanced pricing is a section where you can set up specials and tiered pricing. The functionality is the same as in M1, but they’ve just moved and renamed some functionality.

There are two kinds of advanced pricing in Magento 2.

  1. You can set a special price for a date range, which was already available in M1.
    1. Special price to and from date is missing in Magento 2 EE. This is because Magento intentionally removed it from EE so admins would use scheduled updates instead.
    2. In addition to specifying a fixed price discount for tiered pricing, in M2 tiered pricing can be a percentage off discount.
    3. M2 has an input for product cost, which has no value that I can find.  It’s not in reports or anything; it does get inserted into the order quote though.


Configurable Products

In Magento 1, once the simple product is associated with the configurable, the simple’s price no longer matters; it’s not used. It’s still visible when viewing the configurable’s simple products and adds confusion. In M1 the variations’ pricing is based off the configurable’s price plus a difference of fixed amount or percentage. The difference can be negative.

In Magento 2, configurable variation pricing is one of the following:

  1. All simple variations inherit the price from the configurable
  2. A price is specified for each simple. The difference from M1 is, the price you specify isn’t based on the configurable’s price at all; it’s independent.  If the configurable’s price is $20, and you want this simple’s price to be $25, you’ll specify $25 in M2 instead of $5 in M1.  This works much better if you’re pulling in prices from an ERP that has the full price specified.