From: "Valeri Galtsev"
To: "David Mehler"
Cc: freebsd-questions@freebsd.org
Reply-To: galtsev@kicp.uchicago.edu
Date: Mon, 3 Apr 2017 15:10:31 -0500 (CDT)
Subject: Re: letsencrypt configuration

On Mon, April 3, 2017 2:46 pm, David Mehler wrote:
> Hello,
>
> On the subject of letsencrypt, are there any pitfalls to switching
> implementations? For example I'm not liking the fact that py-certbot
> which I currently use relies on Python and a lot of dependencies and
> would like to give security/acme-client a go. I however do not want to
> regenerate certificates.

I never switched from one tool to another, so I can only offer
experimentally unsupported insight. With a different tool, if you copy
certificates and the rest of the structure from the current tool's layout
to that different tool's layout, you will not have to re-generate
certificates. However, were it me, I wouldn't even care if the new tool
makes certificates get re-generated. I would make sure, though, that after
the new tool with all cron jobs etc. is verified to work, the old tool and
all its related setup are removed. This will ensure that when the new tool
renews certificates, it will be these new certificates that your server
uses, not certificates lying in the old tool's location, which are not
renewed.

I personally, once I have a working setup (which I have some confidence
in, as in my case certificates got automatically renewed a couple of
times), am reluctant to switch to something different. But this is just
me, lazy person ;-)

Valeri

>
> Thanks.
> Dave.
>
>
> On 4/3/17, Valeri Galtsev wrote:
>>
>> On Mon, April 3, 2017 3:41 am, Beat Siegenthaler wrote:
>>> On 03.04.17 08:30, Dave Cottlehuber wrote:
>>>>> On Sat, Apr 1, 2017 at 2:40 AM, Andre Goree wrote:
>>>>>> So how is everyone going about configuring letsencrypt on FreeBSD?
>>>>>> It would seem that multiple ports that used to exist for this very
>>>>>> purpose are no longer in the repos (letskencrypt, py-letsencrypt),
>>>>>> so tutorials I'm finding (and even letskencrypt, which is still in
>>>>>> the FreeBSD wiki) aren't much help.
>>>> I speculate that the letsencrypt trademark has been enforced
>>>> https://letsencrypt.org/trademarks/ so people needed to rename their
>>>> tools.
>>>>
>>> https://www.freshports.org/security/dehydrated/ Is one of these and my
>>> preferred one...
>>>
>>> dehydrated is a pure BASH implementation of the ACME
>>> protocol used by Lets Encrypt.
>>>
>>
>> I happily use
>>
>> https://www.freshports.org/security/py-certbot/
>>
>> for dealing with letsencrypt.org certificates on my servers.
>>
>> Valeri
>>
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
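
The post-migration check described in the reply above (the server must not keep reading certificates from the old tool's location, and the old renewal job must be gone), sketched as an added example that is not part of the original message. The function names, the directory paths and the sample nginx/crontab contents are assumptions constructed for illustration; substitute the trees your own clients use.

```shell
#!/bin/sh
# Added example; paths, file contents and function names are constructed assumptions.

# stale_cert_refs OLD_DIR CONF...
# Print each nginx/Apache certificate or key directive whose path lies under
# OLD_DIR (the old client's tree). Returns 1 if any are found, else 0.
stale_cert_refs() {
    old_dir=${1%/}; shift
    awk -v old="$old_dir/" '
        { line = $0; sub(/#.*/, "", line) }      # ignore comments
        match(line, /(ssl_certificate(_key)?|SSLCertificate(Key|Chain)?File)[ \t]+/) {
            path = substr(line, RSTART + RLENGTH)
            sub(/[ \t]*;?[ \t]*$/, "", path); gsub(/"/, "", path)
            if (index(path, old) == 1) { print FILENAME ":" FNR ": " path; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# stale_cron_refs TOOL CRONTAB...
# Print active (non-comment) crontab lines that still invoke TOOL. Returns 1 if any.
stale_cron_refs() {
    tool=$1; shift
    awk -v tool="$tool" '
        /^[ \t]*#/ { next }
        index($0, tool) { print FILENAME ":" FNR ": " $0; bad = 1 }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed demo: a vhost and crontab left half-migrated from certbot.
demo=$(mktemp -d)
cat > "$demo/nginx.conf" <<'EOF'
server {
    listen 443 ssl;
    # ssl_certificate /usr/local/etc/letsencrypt/live/example.org/old.pem;
    ssl_certificate     /usr/local/etc/ssl/acme/example.org/fullchain.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/example.org/privkey.pem;
}
EOF
printf '%s\n' '# 0 3 * * * certbot renew' '0 4 * * 1 /usr/local/bin/certbot renew -q' \
    > "$demo/crontab"
stale_cert_refs /usr/local/etc/letsencrypt "$demo/nginx.conf" || echo "config still uses old tree"
stale_cron_refs certbot "$demo/crontab" || echo "old renewal job still scheduled"
rm -rf "$demo"
```

The check is textual only: a configured path that is a symlink into the old tree is not detected, so resolve symlinks first if your layout uses them.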