LetsEncrypt.sh

@lbutlr kremels at kreme.com
Wed Mar 23 04:30:18 UTC 2016 

> On Mar 19, 2016, at 8:58 AM, Matthias Fechner <idefix at fechner.net> wrote:
> 
> Am 19.03.2016 um 13:40 schrieb @lbutlr:
>> Is anyone using this port successfully?
>> 
>> It appears to be running here, but is generating some 0 length files:
>> 
>> total 64
>> 8 -rw-------  1 443  443  1854 Mar  4 23:38 cert-1457159890.csr
>> 0 -rw-------  1 443  443     0 Mar  4 23:38 cert-1457159890.pem
>> 8 -rw-------  1 443  443  1854 Mar  5 05:06 cert-1457179567.csr
>> 0 -rw-------  1 443  443     0 Mar  5 05:06 cert-1457179567.pem
>> 8 -rw-------  1 443  443  1854 Mar 12 04:35 cert-1457782552.csr
>> 0 -rw-------  1 443  443     0 Mar 12 04:35 cert-1457782552.pem
>> 8 -rw-------  1 443  443  1854 Mar 19 04:15 cert-1458382543.csr
>> 0 -rw-------  1 443  443     0 Mar 19 04:15 cert-1458382543.pem
>> 8 -rw-------  1 443  443  3243 Mar  4 23:38 privkey-1457159890.pem
>> 8 -rw-------  1 443  443  3243 Mar  5 05:06 privkey-1457179567.pem
>> 8 -rw-------  1 443  443  3247 Mar 12 04:35 privkey-1457782552.pem
>> 8 -rw-------  1 443  443  3243 Mar 19 04:15 privkey-1458382543.pem
>> 
>> Or I am missing a step.
> 
> I use the port security/letsencrypt.sh which is working fine.
> I create the keys with:
> sudo letsencrypt certonly --webroot --webroot-path=/usr/local/www/letsencrypt/ --renew-by-default --agree-tos --email <email> -d <domain1> -d <domain2> ….

My executable is named /usr/local/bin/letsencrypt.sh and does not have a certonly option.

$ letsencrypt.sh -h
Usage: /usr/local/bin/letsencrypt.sh [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...

Default command: help

Commands:
 --cron (-c)                      Sign/renew non-existant/changed/expiring certificates.
 --signcsr (-s) path/to/csr.pem   Sign a given CSR, output CRT on stdout (advanced usage)
 --revoke (-r) path/to/cert.pem   Revoke specified certificate
 --cleanup (-gc)                  Move unused certificate files to archive directory
 --help (-h)                      Show help text
 --env (-e)                       Output configuration variables for use in other scripts

Parameters:
 --domain (-d) domain.tld         Use specified domain name(s) instead of domains.txt entry (one certificate!)
 --force (-x)                     Force renew of certificate even if it is longer valid than value in RENEW_DAYS
 --privkey (-p) path/to/key.pem   Use specified private key instead of account key (useful for revocation)
 --config (-f) path/to/config.sh  Use specified config file
 --hook (-k) path/to/hook.sh      Use specified script for hooks
 --challenge (-t) http-01|dns-01  Which challenge should be used? Currently http-01 and dns-01 are supported
 --algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1

-- 
A.D. 1517: Martin Luther nails his 95 Theses to the church door and is
promptly moderated down to (-1, Flamebait). -- Yu Suzuki

More information about the freebsd-ports mailing list