From owner-freebsd-questions@freebsd.org  Wed Dec 19 14:42:07 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3B439133745A
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Wed, 19 Dec 2018 14:42:07 +0000 (UTC)
 (envelope-from dave.mehler@gmail.com)
Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com
 [IPv6:2a00:1450:4864:20::32d])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id EF93F834E5
 for <freebsd-questions@freebsd.org>; Wed, 19 Dec 2018 14:42:05 +0000 (UTC)
 (envelope-from dave.mehler@gmail.com)
Received: by mail-wm1-x32d.google.com with SMTP id g67so6694814wmd.2
 for <freebsd-questions@freebsd.org>; Wed, 19 Dec 2018 06:42:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=Yd1jWR+wKYZWS4/s7BBWWtD5dxINl+chwT/Pau5/DIo=;
 b=i00JRHNFsAmEpu8FJasNgaFgUWm2kmjhXfZsIpyafCckUnTkyFCH58yquEeMlZgc4n
 HMQYgh/QJ4SHbeWw2LkOJ3kF3zgO8oeGnBkDld+bn5cZNbjrWH/A3WKcBRpVr+bVK9dg
 r27dkCLcY3hObLmohJqOOisTqZYhwebjJggUUeuuZIZELrtRDVdK1Tu7JHmlWcn8CGUL
 hkFuRYf2TAg4ADhMzojkYww7SpnCGFp1+k6dMnAg/hcQi+pA70uaYEgMIFmIKziN0b+G
 SxDcxomeipe/Q+YEgA57t5DHAqg9zwT2M6VLitddIy5IaAMLf6sPBwsOQXG+frBig5Sn
 2xnA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=Yd1jWR+wKYZWS4/s7BBWWtD5dxINl+chwT/Pau5/DIo=;
 b=ni5SoJ/LMLhMt7JWkbGsXoc2RHA+oGi7GjSRLviOiz/Xjyps55lE4aVE/7uv/ayYfE
 /uVFf57fgw3PNXa0PqfgXgFa1dDSP+Mdok49C9/BSZL8QJpaMy2QovK2GZfMZt1Rso9w
 mvOkfSxyyiMafMgPzMfXeifQ3Nhsvo5rqXzd2z91fepblLfKKHqladY2Pk2aZZS+tFHM
 fOWvaV6BZyqhKATLaxVkHi2ZI6C6ommVGoeOp+tEimXAXPUwt0exPeHvMA3H5cbtM85Y
 lNrszUa/jmseSzoAzySh3JOz0Q3coBsd3pkHxLWCNYAJcVUO9JzH00VfNwdsdcye/KRd
 agjw==
X-Gm-Message-State: AA+aEWZdv3nbsfBQNaReqrTrRbp5j3nk4cZlCHI+25FLPI+Vniz6VfCf
 UyRLZom6LPwjO/AvjT7+D7nNAeEUO5haq5yIkABmyMop
X-Google-Smtp-Source: AFSGD/UJum6+tfqh67xMiWSAXFGsY9SC6KUadtZtkBTCzRaMS3oknKRvItnByMwbBHoJCtAecL7qYxwrlVB4CSNdJMk=
X-Received: by 2002:a1c:9d57:: with SMTP id g84mr6839868wme.16.1545230524457; 
 Wed, 19 Dec 2018 06:42:04 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:adf:8235:0:0:0:0:0 with HTTP; Wed, 19 Dec 2018 06:42:03
 -0800 (PST)
From: David Mehler <dave.mehler@gmail.com>
Date: Wed, 19 Dec 2018 09:42:03 -0500
Message-ID: <CAPORhP7Vcjc2BzgJ7KePc=LT+4Zz7CPdOUqNPuH0y=ba=mdpAA@mail.gmail.com>
Subject: FreeBSD, acme.sh, and sudo
To: freebsd-questions <freebsd-questions@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: EF93F834E5
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=i00JRHNF;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of davemehler@gmail.com designates
 2a00:1450:4864:20::32d as permitted sender)
 smtp.mailfrom=davemehler@gmail.com
X-Spamd-Result: default: False [-6.47 / 15.00];
 R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36];
 FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3];
 TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 MX_GOOD(-0.01)[cached: alt3.gmail-smtp-in.l.google.com];
 NEURAL_HAM_SHORT(-0.96)[-0.961,0]; FROM_EQ_ENVFROM(0.00)[];
 RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US];
 TAGGED_FROM(0.00)[];
 DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0];
 ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org];
 RCPT_COUNT_ONE(0.00)[1];
 IP_SCORE(-2.50)[ip: (-9.45), ipnet: 2a00:1450::/32(-1.59), asn: 15169(-1.39),
 country: US(-0.08)]; 
 RCVD_IN_DNSWL_NONE(0.00)[d.2.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.5.4.1.0.0.a.2.list.dnswl.org
 : 127.0.5.0]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Dec 2018 14:42:07 -0000

Hello,

I've got a FreeBSD 11.2 system. I'm running apache 2.4 and acme.sh for
letsencrypt certificate management.

I've got one problem, keys and certificates are created, and installed
and renewed correctly, but at the end of the command I do

--reloadcmd "sudo service apache24 reload"

so that any renewed certificates will be picked up. I am getting the
following from sudo:

[acme@xx ~]$ sudo service apache24 reload
sudo: pam_open_session: system error
sudo: policy plugin failed session initialization

In my sudoers file I have:

# Allow anyone in the acme group, without a password, to use
/usr/sbin/service commands
 %acme  ALL=NOPASSWD: ALL

and user privileges:
# finger acme
Login: acme                             Name: ACME protocol client
Directory: /var/db/acme                 Shell: /usr/local/bin/bash
No Mail.
No Plan.

#groups acme
acme

#id acme
uid=169(acme) gid=169(acme) groups=169(acme)

Suggestions welcome.

Thanks.
Dave.