MoinQ:

1. FreeBSD/letsencrypt/certbot

/2020-04-01

httpdを停めて、certbotを実行、httpdを再開。


https://certbot.eff.org/#freebsd-other

python 2.7が動く環境であれば、py-certbot pkgを入れるのがよさそう。

1.1. 現状

%certbot-auto                                                            ~
zsh: command not found: certbot-auto
0:49f%whereis certbot                                                         ~
certbot: /usr/local/bin/certbot
0:52f%file /usr/local/bin/certbot                                             ~
/usr/local/bin/certbot: symbolic link to certbot-2.7
0:52f%file /usr/local/bin/certbot-2.7                                         ~
/usr/local/bin/certbot-2.7: Python script, ASCII text executable

1.2. Install

Run these steps to install the Certbot client.

1.2.1. Port:

$ cd /usr/ports/security/py-certbot && make install clean

1.2.2. Package:

pkg install py27-certbot

こっちを試した。pkg install は成功した。

Message from py27-certbot-0.12.0,1:
===========================================================================

This port installs the "standalone" Python client only, which does not use and
is not the certbot-auto bootstrap/wrapper script.

To obtain certificates, use the 'certonly' command as follows:

 # sudo certbot certonly --standalone -d [server FQDN]

Note: The client currently requires the ability to bind on TCP port 80. If
you have a server running on this port, it will need to be temporarily stopped
so that the standalone server can listen on that port to complete
authentication.

The certbot plugins to support apache and nginx certificate installation
will be made available soon in the following ports:

 * Apache plugin: security/py-certbot-apache
 * Nginx plugin: security/py-certbot-nginx

===========================================================================

1.3. Get Started

Since your server architecture doesn't yet support automatic installation

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

port 80をlistenしているものを止めてから、実行する。(httpd, pound の両方)

# sudo certbot certonly --standalone -d [server FQDN]

証明書をget: /log /log-2017-08 /log-2017-11

これをpoundに設定する。