1. FreeBSD/letsencrypt/certbot
httpdを停めて、certbotを実行、httpdを再開。
証明書をpoundのもとにコピー、poundを再起動。-- ToshinoriMaeno 2019-10-16 08:30:28
https://certbot.eff.org/#freebsd-other
python 2.7が動く環境であれば、py-certbot pkgを入れるのがよさそう。
- /usr/local/lib/python2.7/site-packages/certbot
1.1. 現状
%certbot-auto ~ zsh: command not found: certbot-auto 0:49f%whereis certbot ~ certbot: /usr/local/bin/certbot 0:52f%file /usr/local/bin/certbot ~ /usr/local/bin/certbot: symbolic link to certbot-2.7 0:52f%file /usr/local/bin/certbot-2.7 ~ /usr/local/bin/certbot-2.7: Python script, ASCII text executable
1.2. Install
Run these steps to install the Certbot client.
1.2.1. Port:
$ cd /usr/ports/security/py-certbot && make install clean
- python 2.7 依存だが、そのpython 2.7でエラーになる。(_ctypeがないとのこと)
1.2.2. Package:
pkg install py27-certbot
こっちを試した。pkg install は成功した。
Message from py27-certbot-0.12.0,1: =========================================================================== This port installs the "standalone" Python client only, which does not use and is not the certbot-auto bootstrap/wrapper script. To obtain certificates, use the 'certonly' command as follows: # sudo certbot certonly --standalone -d [server FQDN] Note: The client currently requires the ability to bind on TCP port 80. If you have a server running on this port, it will need to be temporarily stopped so that the standalone server can listen on that port to complete authentication. The certbot plugins to support apache and nginx certificate installation will be made available soon in the following ports: * Apache plugin: security/py-certbot-apache * Nginx plugin: security/py-certbot-nginx ===========================================================================
1.3. Get Started
Since your server architecture doesn't yet support automatic installation
- you'll have to use the certonly command to obtain your certificate.
certbot certonly
This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.
port 80をlistenしているものを止めてから、実行する。(httpd, pound の両方)
# sudo certbot certonly --standalone -d [server FQDN]
証明書をget: /log /log-2017-08 /log-2017-11
これをpoundに設定する。