https
Added: 2017-05-08 11:18:46
I don't like logging in to your site over http. What, has letsencrypt not made it to FreeBSD?
Code:
vm1# pkg search py-certbot
vm1# pkg search letskencrypt
vm1# pkg search py-acme-tiny
vm1#
Code:
vm1# cat /usr/local/etc/pkg/repos/FreeBSD.conf
#
FreeBSD: { enabled: no }
FreeBSD-latest: {
    url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
    mirror_type: "srv",
    signature_type: "fingerprints",
    fingerprints: "/usr/share/keys/pkg",
    enabled: yes
}
vm1# uname -a
FreeBSD vm1.lissyara.su 11.0-RELEASE-p1 FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu Sep 29 01:43:23 UTC 2016 root@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
vm1#
Code:
pkg search acme-client
acme-client-0.1.16_1 Native C client for Let's Encrypt, designed for security
pkg search certbot
py27-certbot-0.13.0_1,1 Let's Encrypt client
pkg search acme-tiny
acme-tiny-0.0.g.2016.08.18 Tiny script to issue and renew TLS certs from Let's Encrypt
Code:
vm1# certbot certonly --standalone -d www.lissyara.su
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for www.lissyara.su
-------------------------------------------------------------------------------
Could not bind TCP port 443 because it is already in use by another process on
this system (such as a web server). Please stop the program in question and then
try again.
-------------------------------------------------------------------------------
And why is it specifically your avatar that the forum pulls over http? Is it hardcoded somewhere in such a weird way?
Alex Keda wrote: vm1# certbot certonly --standalone -d www.lissyara.su
Why standalone, though? Of course it wants to set up its own www connection.
Code:
# certbot certonly --agree-tos --email postmaster@lissyara.su --webroot -w /path/to/webroot/of/lissyara.su -d lissyara.su -d www.lissyara.su
So far FreeBSD somehow isn't collecting anything from anyone and isn't shutting down.
Let's Encrypt does let you use a CSR, you know. See, for example
Code:
vm1# crontab -l | tail -3
# reissue certificates
@daily sleep `jot -r 1 3700 86400` && certbot renew >/dev/null 2>&1
vm1#
Code:
vm1# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/forum.lissyara.su.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for forum.lissyara.su
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/forum.lissyara.su.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/www.lissyara.su.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.lissyara.su
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/www.lissyara.su.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/cacti.lissyara.su.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for cacti.lissyara.su
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/cacti.lissyara.su.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/gbi.lissyara.su.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for gbi.lissyara.su
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/gbi.lissyara.su.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/home.lissyara.su.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for home.lissyara.su
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/home.lissyara.su.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/lissyara.su.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for lissyara.su
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/lissyara.su.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/wiki.lissyara.su.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for wiki.lissyara.su
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/wiki.lissyara.su.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.
-------------------------------------------------------------------------------
Processing /usr/local/etc/letsencrypt/renewal/www.depevo.ru.conf
-------------------------------------------------------------------------------
Cert is due for renewal, auto-renewing...
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for www.depevo.ru
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/www.depevo.ru.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.
All renewal attempts failed. The following certs could not be renewed:
/usr/local/etc/letsencrypt/live/forum.lissyara.su/fullchain.pem (failure)
/usr/local/etc/letsencrypt/live/www.lissyara.su/fullchain.pem (failure)
/usr/local/etc/letsencrypt/live/cacti.lissyara.su/fullchain.pem (failure)
/usr/local/etc/letsencrypt/live/gbi.lissyara.su/fullchain.pem (failure)
/usr/local/etc/letsencrypt/live/home.lissyara.su/fullchain.pem (failure)
/usr/local/etc/letsencrypt/live/lissyara.su/fullchain.pem (failure)
/usr/local/etc/letsencrypt/live/wiki.lissyara.su/fullchain.pem (failure)
/usr/local/etc/letsencrypt/live/www.depevo.ru/fullchain.pem (failure)
8 renew failure(s), 0 parse failure(s)
vm1#
Code:
location /.well-known/acme-challenge/ {
    allow all;
    access_log /home/logs/www/acme-access.log vhosts;
    try_files $uri /dev/null =404;
}
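The `certbot renew` run quoted above failed for all eight lineages, and the crontab shown earlier sends that output to /dev/null. The shell function below is an added example (not from the thread and not part of certbot) that summarises such failures from the log text; the names `sample_log` and `renew_failures` are made up here, and the sample input is an excerpt of the output above.

```shell
#!/bin/sh
# Added example: summarise failed renewals in `certbot renew` output.

# Sample input: excerpt copied from the renew output quoted in the thread.
sample_log() {
    cat <<'EOF'
Processing /usr/local/etc/letsencrypt/renewal/forum.lissyara.su.conf
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for forum.lissyara.su
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/forum.lissyara.su.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.
Processing /usr/local/etc/letsencrypt/renewal/wiki.lissyara.su.conf
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for wiki.lissyara.su
Cleaning up challenges
Attempting to renew cert from /usr/local/etc/letsencrypt/renewal/wiki.lissyara.su.conf produced an unexpected error: Could not bind TCP port 443 because it is already in use by another process on this system (such as a web server). Please stop the program in question and then try again.. Skipping.
EOF
}

# Reads renew output on stdin, prints "<lineage> <challenge> <reason>" for
# every failed renewal, and returns 1 if at least one renewal failed.
renew_failures() {
    awk '
        /^Processing / {                  # a new lineage block starts here
            n = split($2, p, "/")
            lineage = p[n]
            sub(/\.conf$/, "", lineage)
            chal = "unknown"
        }
        / challenge for / { chal = $1 }   # challenge type, e.g. tls-sni-01
        /produced an unexpected error:/ {
            reason = "other"
            if ($0 ~ /Could not bind TCP port 443/) reason = "port-443-in-use"
            print lineage, chal, reason
            failed++
        }
        END { exit (failed > 0) }
    '
}

# Stand-alone run: print the summary and note the failure on stderr.
sample_log | renew_failures || echo "renewals are failing" >&2
```

In the crontab, `certbot renew 2>&1 | renew_failures` in place of `>/dev/null 2>&1` would make cron mail the summary only when a renewal fails.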