Date: Tue, 8 Nov 2016 15:25:22 +0100
From: Dirk Engling <erdgeist@erdgeist.org>
To: @lbutlr <kremels@kreme.com>, freebsd-ports@freebsd.org
Subject: Re: Dehydrated setup
Message-ID: <25a344db-71b1-012e-603a-1b1f3b4988e0@erdgeist.org>
In-Reply-To: <85DE1A10-ADFD-4132-A71C-9F4064630B9B@kreme.com>
References: <FECFF380-14AD-4692-AC42-2483238C4520@gmail.com> <68409904-4868-5210-6c76-f123ca849996@erdgeist.org> <C3108A51-6680-4F15-973F-8CA82F4C775B@kreme.com> <1ee859d9-0fe3-c479-d183-66cbab63e937@erdgeist.org> <85DE1A10-ADFD-4132-A71C-9F4064630B9B@kreme.com>

On 08/11/2016 15:16, @lbutlr wrote:

> It is possible, but I am pretty sure it did. It is apache 2.4 built from portmaster.
>
>> Could you tell me, which webserver you're
>> using? Then I can copy you a snippet for its config that should work.

With apache I changed

WELLKNOWN="/usr/local/www/dehydrated/.well-known/acme-challenge"

created both directories and had apache use /usr/local/www/dehydrated
for non-tls connections. Your mileage may vary, so you might need to
have WELLKNOWN point to /usr/local/www/.well-known/acme-challenge and
make this directory belong to _dehydrated and be world readable.

>> Also I would suggest setting
>>
>> BASEDIR=/var/dehydrated
>
> Do you mean create that directory?

Yes. Actually in a perfect world the package would have done that for
you, but the port's maintainers have been busy getting the transition
from the name letsencrypt.sh to dehydrated right.

>> in your config and make /usr/local/etc/dehydrated/ belong to root.
>
> It does belong to root.
>
> # ls -lsd /usr/local/etc/dehydrated
> 8 drwxrwx--x 5 root _dehydrated 512 Nov 8 06:56 /usr/local/etc/dehydrated

But group has +w, so it can just delete files and write them anew. See,
complex permission models always leave you head scratching if you really
thought of everything.

> I can certainly do that, though I think it would be better to do it
> once I get something of some sort actually working, yes?

Sure ;) But it's not worth it to get something running that you need to
change afterwards.

  erdgeist
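
The two permission points in the message above (a config directory that group members can rewrite, and a challenge directory that must be world readable) can be checked with a short script. This is an added example, not part of the original message or of dehydrated; the function names are hypothetical and the directories are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original thread): audit the two directories
# discussed above using only POSIX find(1), so it runs on FreeBSD and Linux.

# has_perm PATH BITS: true if PATH itself has every bit in octal BITS set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# check_config_dir DIR [OWNER]: 0 = only OWNER can change entries,
# 1 = finding reported, 2 = directory missing. OWNER defaults to root.
check_config_dir() {
    dir=$1 owner=${2:-root} rc=0
    if [ ! -d "$dir" ]; then echo "MISSING $dir"; return 2; fi
    if [ -z "$(find "$dir" -prune -user "$owner" 2>/dev/null)" ]; then
        echo "WARN $dir: not owned by $owner"; rc=1
    fi
    if has_perm "$dir" 020; then
        # Write on a directory allows create/unlink/rename of its entries
        # (absent the sticky bit), whatever the modes of the files inside.
        echo "WARN $dir: group-writable, group can delete and recreate files"; rc=1
    fi
    if has_perm "$dir" 002; then
        echo "WARN $dir: world-writable"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK $dir"; fi
    return "$rc"
}

# check_wellknown DIR: the challenge directory must be world readable
# (r and x for "other") so the web server can serve the tokens.
check_wellknown() {
    dir=$1
    if [ ! -d "$dir" ]; then echo "MISSING $dir"; return 2; fi
    if has_perm "$dir" 005; then echo "OK $dir"; return 0; fi
    echo "WARN $dir: not world readable"; return 1
}

# Usage: sh audit.sh <config dir> <WELLKNOWN dir>
if [ "$#" -eq 2 ]; then
    check_config_dir "$1" root
    check_wellknown "$2"
fi
```

Run against a directory with the mode shown in the quoted `ls` output (drwxrwx--x), `check_config_dir` reports the group-writable finding even though the owner is root.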