Date: Mon, 3 Apr 2017 15:10:31 -0500 (CDT) From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu> To: "David Mehler" <dave.mehler@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: letsencrypt configuration Message-ID: <59055.128.135.52.6.1491250231.squirrel@cosmo.uchicago.edu> In-Reply-To: <CAPORhP6boaYe5Pias9jNYURD-efsiUcTPQq9sJehkC8bm7%2Ba%2BA@mail.gmail.com> References: <77a1e8683e3a15cd08986d66807959b2@drenet.net> <CA%2Bg%2BBvjkSifgxOG9bk6qdu2drt1oY_OhTHdOOsbkKDyJJ0oLgQ@mail.gmail.com> <1491201000.3329748.932028040.22FE70EC@webmail.messagingengine.com> <28d4f822-0f6c-7847-322f-6264e200d196@beatsnet.com> <51316.69.209.224.246.1491224938.squirrel@cosmo.uchicago.edu> <CAPORhP6boaYe5Pias9jNYURD-efsiUcTPQq9sJehkC8bm7%2Ba%2BA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, April 3, 2017 2:46 pm, David Mehler wrote: > Hello, > > On the subject of letsencrypt is there any pitfalls to switching > implementations? For example I'm not liking the fact that py-certbot > which I currently use relies on Python and a lot of dependencies and > would like to give security/acme-client a go. I however do not want to > regenerate certificates. I never switched from one tool to another, so I only can offer unsupported experimentally insight. With different tool, if you copy certificates, and the rest of the structure from current tool layout to that different tool layout, you will not have to re-generate certificates. However, were it me, I even wouldn't care if with new tool makes certificates get re-generated. I would make sure though after new tool with all cron jobs etc is verified to work, old tool and all its related setup is removed. This will ensure that when new tool renews certificates, these will be these new certificates that your server uses, not certificates lying in old tool location, which are not renewed. I personally, once I have working setup (which I have some confidence in, as in my case certificated got automatically renewed a couple of times), I am reluctant to switch to something different. But this is just me, lazy person ;-) Valeri > > Thanks. > Dave. > > > On 4/3/17, Valeri Galtsev <galtsev@kicp.uchicago.edu> wrote: >> >> On Mon, April 3, 2017 3:41 am, Beat Siegenthaler wrote: >>> On 03.04.17 08:30, Dave Cottlehuber wrote: >>>>> On Sat, Apr 1, 2017 at 2:40 AM, Andre Goree <andre@drenet.net> wrote: >>>>>> So how is everyone going about configuring letsencrypt on FreeBSD? >>>>>> It >>>>>> would >>>>>> seem that multiple ports that used to exist for this very purpose >>>>>> are >>>>>> no >>>>>> longer in the repos (letskencrypt, py-letsencrypt), so tutorials I'm >>>>>> finding >>>>>> (and even letskencrypt, which is still in the FreeBDS wiki) aren't >>>>>> much >>>>>> help. >>>> I speculate that the letsencrypt trademark has been enforced >>>> https://letsencrypt.org/trademarks/ so people needed to rename their >>>> tools. >>>> >>> https://www.freshports.org/security/dehydrated/ Is one of these and my >>> preferred one... >>> >>> dehydrated is a pure BASH implementation of the ACME >>> protocol used by Lets Encrypt. >>> >> >> I happily use >> >> https://www.freshports.org/security/py-certbot/ >> >> for dealing with letsencrypt.org certificates on my servers. >> >> Valeri >> >> ++++++++++++++++++++++++++++++++++++++++ >> Valeri Galtsev >> Sr System Administrator >> Department of Astronomy and Astrophysics >> Kavli Institute for Cosmological Physics >> University of Chicago >> Phone: 773-702-4247 >> ++++++++++++++++++++++++++++++++++++++++ >> _______________________________________________ >> freebsd-questions@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-questions >> To unsubscribe, send any mail to >> "freebsd-questions-unsubscribe@freebsd.org" >> > ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?59055.128.135.52.6.1491250231.squirrel>