From owner-freebsd-questions@freebsd.org  Mon Jul 30 02:14:47 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 69A411045139
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Mon, 30 Jul 2018 02:14:47 +0000 (UTC)
 (envelope-from dave.mehler@gmail.com)
Received: from mail-wr1-x434.google.com (mail-wr1-x434.google.com
 [IPv6:2a00:1450:4864:20::434])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id C741683BE2
 for <freebsd-questions@freebsd.org>; Mon, 30 Jul 2018 02:14:46 +0000 (UTC)
 (envelope-from dave.mehler@gmail.com)
Received: by mail-wr1-x434.google.com with SMTP id r16-v6so11010969wrt.11
 for <freebsd-questions@freebsd.org>; Sun, 29 Jul 2018 19:14:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=n3lZfW1oTp6hwqE7+JC1xn8DMsGVgGqC3hvTSk1irEU=;
 b=lncC4y/zu6Qp5EeusZ/QaoxFYYTSauGae6dQ0HvoaNHNuGCfxFJ7lGYdZpWNwSLAdE
 S0aLLDbPhjHLvTsdfwokIQfEdaxNk5MZPcYGV7JYBJ8K9qSKK9T7+A7/SkZ3RUdDko1p
 UQcKIzUwb4yGuaX0lvuQWmqRHwGMMBDOI6TI5p78gjubxNo6pTvmenZGtTbC5o2PPe5u
 XnW7ofodajHgNzUpFGZqVtUVbRJEIcWvuM/KKZoWVFQoWIux/upOdBoScWwa1vd3mIxW
 rd3UPqezwirHJSsvWNGphmJtr0FUFrE6kdeUbEPJnbWBpeetTEdrcxnFRP1USSlxru/R
 +7+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=n3lZfW1oTp6hwqE7+JC1xn8DMsGVgGqC3hvTSk1irEU=;
 b=d1bybg2oNRfSaO7ZCP0JePwlwL5DBr7TPUYScTXx6P6ya1u2HFYAbnopbZFVrai3ap
 8xiABnKOluOLgaGbHWArneqn6G+i+7HTMt7sHdMeZPnoFm5G2UDTxN0wxfUZ8ACjW+mv
 SlEV3SseAYSBjMyGCQlVdold6GFpmw9lgJ/5ZNp/q/OF5nIZIJ2LRyRKpiCqfZRN3TTu
 phx6+adLKM+5ztOLu/pJN6QRKaIdOGG/3JRe+CC3Y38QbrRxwIaxeYyoAwcpCPwyIreU
 iqVWyHQLfidC7KB8ycUEs9Np0gEYT1RaG+ogmIs8AIqU1XXsjeZrEdB2HeWOslxJgq6A
 NQQw==
X-Gm-Message-State: AOUpUlHrFGc+mzgV2Ijgujnl87rk1pI4MAVO6fyQmZ1ap/zo2q97uhc5
 LAnMH8TDsxVR7OMceWzcysCUP4Wokk5v+zTitnvM6G1E
X-Google-Smtp-Source: AAOMgpeoXJ4eYl1x8yuLvzPAF7zj/2h7gK+odqbi4kwP+yK9q0SpGxFEEkWe24lvKfU895Yf84FPUV7JmczPfUjod2s=
X-Received: by 2002:adf:c684:: with SMTP id
 j4-v6mr15697970wrg.243.1532916885033; 
 Sun, 29 Jul 2018 19:14:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:adf:e20c:0:0:0:0:0 with HTTP; Sun, 29 Jul 2018 19:14:44
 -0700 (PDT)
From: David Mehler <dave.mehler@gmail.com>
Date: Sun, 29 Jul 2018 22:14:44 -0400
Message-ID: <CAPORhP7YBsrGA7gTugWvj8GQ4syV0iBY1_OAj3n0VjmBK4sqqQ@mail.gmail.com>
Subject: acme.sh question and potential site slowness
To: freebsd-questions <freebsd-questions@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Jul 2018 02:14:47 -0000

Hello,

I'm using acme.sh from ports on freebsd 11.1.I've deployed a wildcard
certificate but my site seems to load slower. It's a perception thing.
Can someone take a look at these commands for generating and
installing the certificate make sure I didn't miss something?

Thanks.
Dave.
acme.sh --issue --dns dns_linode --dnssleep 900 -d example.com --ecc
-d '*.example.com' --keylength ec-384 --ocsp
acme.sh --installcert -d example.com --ecc --cert-file
"/usr/local/etc/ssl/acme/example.com/server-ec384.crt" --key-file
"/usr/local/etc/ssl/acme/example.com/privssl/server-ec384.key"
--ca-file "/usr/local/etc/ssl/acme/example.com/cacert.crt"
--fullchain-file "/usr/local/etc/ssl/acme/example.com/fullchain.crt"
--reloadcmd "sudo service apache24 reload && sudo dovecot reload &&
sudo postfix reload"

apache https configuration:
<VirtualHost *:80>
ServerName www.example.com
ServerAlias webmail.example.com:80
ServerAdmin webmaster@example.com
DocumentRoot /usr/vhosts/example.com/temp
LogLevel info

<IfModule mod_rewrite.c>
RewriteEngine On
    RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
</IfModule>

<Directory "/usr/vhosts/example.com/temp/">
Options None
AllowOverride None
Require all granted
</Directory>
</VirtualHost>

<VirtualHost *:443>
ServerName www.example.com:443
ServerAlias webmail.example.com:443
ServerAdmin webmaster@example.com
DocumentRoot /usr/vhosts/example.com/temp
LogLevel info

<Directory "/usr/vhosts/example.com/temp">
Options None
AllowOverride None
Require all granted
</Directory>

SSLEngine on
SSLCertificateFile "/usr/local/etc/ssl/acme/example.com/server-ec384.crt"
SSLCertificateKeyFile
"/usr/local/etc/ssl/acme/example.com/privssl/server-ec384.key"
SSLCertificateChainFile "/usr/local/etc/ssl/acme/example.com/fullchain.crt"
SSLCACertificateFile "/usr/local/etc/ssl/acme/example.com/cacert.crt"
</VirtualHost>