letsencrypt simple all sites

After using letsencrypt-win-simple (now win-acme) for my iis sites, I had some troubles, and I provide you the solutions I applied to fix them.

First, I had a lot of sites / domain names to register, and it was long to do that from the interactive app.  So I tried to do that from command prompt.  The documentation is not clear on how to do that, so I did several try-mistake.

And, finally, that’s what I found:

the first time you will add the “plugin” mode, you will get that error:
unable to find validation plugin
Because the “recommended” validation method from the ui is not the same in the command prompt, and you need to provide it, using the argument:
–validation selfhosting

These are 3 command line methods I tried.
The first allow you to get 1 single certificate for all your sites.  But, warning, if you request certificates info for any domain name registered, you will always see the first one registered.  So, I did not use that method.  But, you can try it.

letsencrypt.exe --plugin iissites --validation selfhosting --siteid 1,2,3,4,...

Warning, do not include sites id that are invalid or inexisting.

The second method allow you to create 1 certificate per site ID (that is not a domain name, you can have multiples domain name binding on 1 single site).

letsencrypt.exe --plugin iissite --validation selfhosting --siteid 1

And now, my preferred one, that I put on a batch file with all my existing sites:

letsencrypt.exe --plugin iisbinding --validation selfhosting --manualhost yoursite1.com
letsencrypt.exe --plugin iisbinding --validation selfhosting --manualhost www.yoursite1.com 
letsencrypt.exe --plugin iisbinding --validation selfhosting --manualhost yoursite2.com
letsencrypt.exe --plugin iisbinding --validation selfhosting --manualhost www.yoursite2.com 
...

You execute that only once.

After, you can run the renewal process once per month, or every day as you wish, but the renewal process will only renew certificates that were generated more than 55 days ago.

letsencrypt.exe --renew

If you experience some issues when updating, with locked certificates files, I suggest to run “iisreset” before renewing, as it always helps me to clear all these renewal errors.

How to know if a javascript object contains a property

You want to know if your javascript object contains a certain attribute. But, you tried some methods, and, because of the “undefined” value, it’s hard to differ from an undefined value, from an undefined “property”.

Let’s look at that simple example:

var obj = {
	key1: "value1",
	key2: "value2",
	key3: undefined
};

You want to know if obj contains “key4” property.
First, you try with “typeof”. But, for key3 and key 4, you get the same result:

typeof obj.key3
	"undefined"
typeof obj.key4
	"undefined"

So, what about property value?

obj.key3
	undefined
obj.key4
	undefined

The method I use is hidden in the very underused “Object” object.

Object.keys(xxx) returns an array of all properties of your object, as string.
So, you can do an indexOf that property name to know if it is contained in its definition.

Object.keys(obj).indexOf("key3")
	2
Object.keys(obj).indexOf("key4")
	-1

So, if you want to know if your property “exists” in your object:

function isDefined(obj, prop){
	return Object.keys(obj).indexOf(prop) > -1;
}

Another better alternative is to use the native hasOwnProperty inherited from Object.

The previous sample can also be:

obj.hasOwnProperty("key3") -> true
obj.hasOwnProperty("key4") -> false

How to fix account link between Playstation and Spotify

Today, I bought a Playstation 4, with that incredible Black Friday deal, at $250.  It’s about time I move from ps3 to ps4!

Now, I just want to listen to music on my ps4 system using Spotify, like I did on my ps3.  But, every time I try to connect, I get an error message about an “already linked” account.

What you need to do, is to “unlink” your playstation network and spotify account, and retry to link them after in your ps3.

First, unlink from playstation network using that link:
https://link.playstationmusic.com/spotify/details

Then, do that again, but this time, in your spotify account.
https://www.spotify.com/us/account/apps/

Now, retry to open the spotify app in your ps4, follow the link instructions, and it will work as expected!

Troubleshooting EC2 T2 performance issues

EC2 T2 instances are based on CPU Credit system.

If your T2 instance becomes extremely slow, there are good chances that you run out of CPU Credits.  You can look at the table here about it.

How it works

Let’s take an T2.Micro for instance.  If your cpu stay below 10%, you gain 6 cpu credits every hour, for a maximum of 144 credits.  That means, you’re full of cpu credits after 24 hours.
Each credit gives you the right to run  your cpu at 100% for 1 minute.  That means, once per 24 hours, you can use your cpu at 100% for 144 minutes (1 credit = 1 vcpu (core) running at 100% for 1 hour), that 2 and a half your.

If your cpu runs at 50%, your credits are lowering at half speed.

Look at this graph.  I ran a cpu-intensive process for 15 minutes, and you can see in the CloudWatch console, that when the cpu is at top, credits balance are gling down slowly.

What you can do

1. First, configure CloudWatch Alerts to get action before it happen

  • Create these 2 alarms
    • Know when your cpu is running high, before you lose all your cpu credits
    • Know when you’re running our of cpu credits.

To do that, follow the instructions on that article How to create CloudWatch alerts

2. If you don’t have credits left and needs to bring back your performance

Turn off + on your ec2 instance (not reboot, completely turn off and restart it from EC2 console).  For a T2.Micro, when an instance starts you get 30 credits immediately.

If you need more power, you can turn off your machine, edit its instance type, e.g. choose a t2.medium or large instead of a t2.micro, turn it on, let your huge procedure complete, then turn it off again and get back to t2.micro.

From your EC2 Console, select your instance, and in the menu “Action” / “instance Settings” / “Chance Instance Types”


Note that this option is disabled if the instance is running, so shutdown your instance first.

How to create CloudWatch alerts

You may want to be warned when your account balance is over a certain amount.
Or, you want to know if one of your EC2 instance uses too much cpu.
Or, when using T2 instance, you don’t want to run out of CPU Credits.

And, for many other reasons, you need to create AWS Cloudwatch Alerts.

I’ll show you how to create 2 alerts to track your cpu usage and cpu credits on your EC2 T2 instances.

First, open the Cloudwatch console.

  • Select the “Alarm” section on the left.
  • Click “Create Alarm” button.
  • On the “search Metrics” box, type “CPU”
    • You will see all your instances, with corresponding metric you can watch, related to cpu.
  • On the desired instance, check CPUUtilization, then click Next.

  • On the “Define Alarm” section, choose a limit, e.g.
    • Whenever CPUUtilization
      is >= 25
      for 2 periods

      • Periods lengths are defined on the right side, 2 periods of 5 minutes represents 10 minutes.
    • So, if the average cpu is over 25, for 2 consecutive blocs of 5 minutes, the alarm will raise.
  • Next, add 2 notifications.
    • You want an email when this alarm is entering its “alarm” state.
    • But, you also want a notification when everything is back to normal.  So, hit “+Notification” Button, and add another alarm, but choose “State is OK”.

Finally, do the same again, for “CPUCreditBalance” instead of “CPUUtilization”.
And, configure to get alarm when your Credit is below a fixed limit.
Something between 50 and 100 can be OK for a T2.Micro instance, but you can choose another limit based on the Alarm Preview graph.

How to build your solutions without Visual Studio installed

I have a small AWS EC2 Windows instance that I use for my personal usage, like hosting that blog.

When I create some small projects at home in Visual Studio 2017 Community, this is how I am able to build them on my server without installing Visual Studio on it.

First, you need to get the latest msbuild.
You can get it from Visual Studio 2017 download page.  On the bottom, click “Other Tools and Frameworks”, then choose “Build Tools for Visual Studio 2017”.
Direct download link

Start that setup file (vs_buildtools_xxx.exe), and choose “Web Development Build Tools”.

After installing, you will get a new command prompt in the start menu, called “Developer Command Prompt for VS 2017”.  Use it to start your command prompt, as it will add to path all required folders to run msbuild from anywhere.

Go to your folder with your solution sln file, and just type msbuild.  It will automatically start building the sln files.

If you use nuget packages, you will get errors about missing packages.  You may have read somewhere that you only need to type “msbuild /t:restore”, but I think that it’s only works for .NET Core solutions, it does nothing for Studio 2017 classic framework projects.

Now you need an additional file: nuget.exe, that you can find there: https://dist.nuget.org/

I use the latest version, 4.1.  The download is not a setup, it’s directly the nuget executable.  Only 1 file is needed.

I suggest to save it somewhere available in your path from DOS, maybe at the same place that msbuild was installed, [C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\MSBuild\15.0\Bin].

Now, get back to your sln folder, and just type “nuget restore”.  The “packages” folder will be created, and required nuget packages downloaded there.

You’re ready to try msbuild again.

Wow, it just works!
That was that easy.

 

How to track your server-server call in Fiddler

Telerik Fiddler is the web developer’s best friend.

It does a wonderful job of telling you why it worked, or not.  Its ability to edit and replay some requests is wonderful.  That, with Advanced REST Client, both help you accomplish your day to day job.

It tracks everything.
Almost.
Sometimes, you need to track server-to-server requests.  Example, if your app calls your back-end api, and then, your server needs to call Mandrill API to send an email to your customer.

By default, Fiddler is not tracking that request, that goes out from your server-side app. But, there’s a solution.

In fact, Fiddler track all web traffic generated by “you”, the user currently logged, and who started the fiddler app.

Now, knowing that, all you need to do, is make your IIS Pool run at your name.

By default, IIS uses “ApplicationPoolIdentity” user, it’s a kind of virtual user generated by the web engine, to run the app.  Each pool have its own username.

But, you can change it to something else.

Open IIS.  Go to the Application Pools section. Choose your app pool, then open Advanced Settings / Identity.  Click the dots, choose Custom account, enter your credentials, and you’re done!

Now, your outgoing server-side calls from your back-end can be tracked in Fiddler!

Detect email sharing

When you give your email address everywhere for marketing subscription, product trial, small games, you don’t know if one of them is selling your email to spammers.  Or, if they were hacked.

These are 2 solutions you can use to detect where your spam came from.

First method: The “+” Sign

First, you need to know that:  Email addresses usually looks like that:
yourname @ yourdomain.com.  What you don’t know, if you can add some meta data inside your address, and it will works as usually, because all you type between the “+” and “@” sign are ignored.

When you subscribe to a service who needs your email address, you can try to type: yourname+servicename@yourdomain.com.  The part “+servicename” is ignored from smtp servers, and you will receive your mails as usual.  But, in the address, you will be able to see what’s after the + sign.

Then, if you receive a suspicious email, just look at the recipient email address. If it contains the “+servicename”, it means that “servicename” sold your email address!

  • Pros: very easy to use, just add +xyz to your email address.
  • Cons: the “+” sign can be see as invalid email address in some email validation system, so you can’t use it everywhere.

Second method: catchAll Account

The second one is more complicated.  It requires to have full control of your domain name and email configuration.

That method is by using a “catchAll” address.  A catchAll, is an email configuration that allow any email addressed to your domain name, to be redirected to the same inbox.  If someone try to contact any address of your domain, instead of receiving an error with “bad recipient”, every email will reach an inbox.  The catchAll inbox is used to receive all messages without specific account configured in your email system.

You need to have at least one real inbox account, like yourname@yourdomain.com.  Then you set it as a “catchAll” account.  Then, any incoming email to your domain, like “anything@yourdomain.com”, is sent to the inbox  “yourname@yourdomain.com”.  That way, when you subscribe to a service, you can use an email like thatservice@yourdomain.com.  If you create a twitter account, just set the email address to twitter@yourdomain.com.

Now, when you receive a suspicious email, you only need to look at the recipient “to” header.  If that mail is addressed to twitter@yourdomain.com, but that mail is not from twitter, you will know that they have sold your email! (twitter only used as example…)

  • Pros: email addresses used are all valid, without the “+” sign of the first method
  • Cons:
    • difficult to configure, you must have full control of your inbound email configuration and own your own domain name.
    • Sometimes, recipients will find suspicious that you use their domainname in your email address!

Example: how to configure a catchAll account at godaddy

 

How to test IE8 to 11 on windows 10

Sometimes, because your customers uses old versions of Internet Explorer in enterprise, you may have undiscovered issues with your web app, and need to reproduce these bugs.

BrowserStack offers a good solution, with tons of different virtual machines available in multiple versions to run your tests.  But, if you need to do some debugging in the development console (F12), that service is extremely slow, even unusable.

If you need to run IE versions 8 to 11 without performance issues, I suggest to download these Virtual Machines made by Microsoft.  You can get them there (link).

You can choose between IE8, IE9, IE10, IE11 on Win7 and Win8.1, and Edge.
Each of these machines are offered to these architectures:

These virtual machines are already configured and ready to run, with a limited windows licence available for 90 days.  After that delay, you may need to re-download a new VM.

My favorite vm engine was vmware, because I can run it for free using VMware Player.  But, they recently changed their licencing for these machines, so I discovered that other product, that is as good as vmware.  I now use Oracle VirtualBox, a totally free solution even for enterprise.

One thing I must do on these VM before running them, is changing the network adapter setting (of the VM), and choose Bridged network instead of the default option already selected.

Once they are configured and running, instead of using them in the native Player UI, I like to install them as a service (using that method), because I can connect to them using Remote Desktop, from my computer, or from any other computer of the Local Area Network.

Then at work, any developer of our team can connect to these VM, we only need to install them once, and they are always running.

How to run any program as a service on Windows

Sometimes, you want an application to always run.  Even if you are not logged on.  You want the app to start automatically with Windows.

You know that Windows Services are kind of software that do that.

But, what if you want a non-service app to run automatically, like a service, even notepad.exe?

You may have found softwares like AlwaysUp, FireDaemon, or srvany (from Windows Resource Kit) that can help you achieve that goal.

But, did you know that you can do that, directly inside windows, without any third party software?

The solution is to simply use the windows integrated Task Scheduler.

  • You can use it, to launch any app.
  • You can make it run on any username.
  • You can set it to run even if you are not logged.
  • And, the best of all, you can set it launch trigger to “Windows Startup”!

That’s all you need, to launch any app with windows start, like a windows service.

Ok, it’s not a real windows service, you can’t see it in the services area, but you will see them running in the Task Scheduler console, where you can stop it, restart it, etc.