letsencrypt configuration

Valeri Galtsev galtsev at kicp.uchicago.edu
Mon Apr 3 20:10:33 UTC 2017


On Mon, April 3, 2017 2:46 pm, David Mehler wrote:
> Hello,
>
> On the subject of letsencrypt are there any pitfalls to switching
> implementations? For example I'm not liking the fact that py-certbot
> which I currently use relies on Python and a lot of dependencies and
> would like to give security/acme-client a go. I however do not want to
> regenerate certificates.

I never switched from one tool to another, so I can only offer insight
unsupported by experiment. With a different tool, if you copy the
certificates and the rest of the structure from the current tool's layout
to the different tool's layout, you will not have to re-generate
certificates. However, were it me, I wouldn't even care if the new tool
makes certificates get re-generated. I would make sure, though, that after
the new tool with all cron jobs etc. is verified to work, the old tool and
all its related setup is removed. This will ensure that when the new tool
renews certificates, it will be these new certificates that your server
uses, not certificates lying in the old tool's location, which are not
renewed.

Personally, once I have a working setup (which I have some confidence in,
as in my case certificates got automatically renewed a couple of times), I
am reluctant to switch to something different. But this is just me, a lazy
person ;-)

Valeri

>
> Thanks.
> Dave.
>
>
> On 4/3/17, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>>
>> On Mon, April 3, 2017 3:41 am, Beat Siegenthaler wrote:
>>> On 03.04.17 08:30, Dave Cottlehuber wrote:
>>>>> On Sat, Apr 1, 2017 at 2:40 AM, Andre Goree <andre at drenet.net> wrote:
>>>>>> So how is everyone going about configuring letsencrypt on FreeBSD?
>>>>>> It would seem that multiple ports that used to exist for this very
>>>>>> purpose are no longer in the repos (letskencrypt, py-letsencrypt),
>>>>>> so tutorials I'm finding (and even letskencrypt, which is still in
>>>>>> the FreeBSD wiki) aren't much help.
>>>> I speculate that the letsencrypt trademark has been enforced
>>>> https://letsencrypt.org/trademarks/ so people needed to rename their
>>>> tools.
>>>>
>>> https://www.freshports.org/security/dehydrated/  Is one of these and my
>>> preferred one...
>>>
>>> dehydrated is a pure BASH implementation of the ACME
>>> protocol used by Lets Encrypt.
>>>
>>
>> I happily use
>>
>> https://www.freshports.org/security/py-certbot/
>>
>> for dealing with letsencrypt.org certificates on my servers.
>>
>> Valeri
>>
>> ++++++++++++++++++++++++++++++++++++++++
>> Valeri Galtsev
>> Sr System Administrator
>> Department of Astronomy and Astrophysics
>> Kavli Institute for Cosmological Physics
>> University of Chicago
>> Phone: 773-702-4247
>> ++++++++++++++++++++++++++++++++++++++++
>>
>

