LetsEncrypt.sh
@lbutlr
kremels at kreme.com
Wed Mar 23 04:30:18 UTC 2016
> On Mar 19, 2016, at 8:58 AM, Matthias Fechner <idefix at fechner.net> wrote:
>
> On 19.03.2016 at 13:40, @lbutlr wrote:
>> Is anyone using this port successfully?
>>
>> It appears to be running here, but is generating some 0 length files:
>>
>> total 64
>> 8 -rw------- 1 443 443 1854 Mar 4 23:38 cert-1457159890.csr
>> 0 -rw------- 1 443 443 0 Mar 4 23:38 cert-1457159890.pem
>> 8 -rw------- 1 443 443 1854 Mar 5 05:06 cert-1457179567.csr
>> 0 -rw------- 1 443 443 0 Mar 5 05:06 cert-1457179567.pem
>> 8 -rw------- 1 443 443 1854 Mar 12 04:35 cert-1457782552.csr
>> 0 -rw------- 1 443 443 0 Mar 12 04:35 cert-1457782552.pem
>> 8 -rw------- 1 443 443 1854 Mar 19 04:15 cert-1458382543.csr
>> 0 -rw------- 1 443 443 0 Mar 19 04:15 cert-1458382543.pem
>> 8 -rw------- 1 443 443 3243 Mar 4 23:38 privkey-1457159890.pem
>> 8 -rw------- 1 443 443 3243 Mar 5 05:06 privkey-1457179567.pem
>> 8 -rw------- 1 443 443 3247 Mar 12 04:35 privkey-1457782552.pem
>> 8 -rw------- 1 443 443 3243 Mar 19 04:15 privkey-1458382543.pem
>>
>> Or I am missing a step.
>
> I use the port security/letsencrypt.sh which is working fine.
> I create the keys with:
> sudo letsencrypt certonly --webroot --webroot-path=/usr/local/www/letsencrypt/ --renew-by-default --agree-tos --email <email> -d <domain1> -d <domain2> ….

My executable is named /usr/local/bin/letsencrypt.sh and does not have a certonly option.

$ letsencrypt.sh -h
Usage: /usr/local/bin/letsencrypt.sh [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...

Default command: help

Commands:
 --cron (-c)                           Sign/renew non-existant/changed/expiring certificates.
 --signcsr (-s) path/to/csr.pem        Sign a given CSR, output CRT on stdout (advanced usage)
 --revoke (-r) path/to/cert.pem        Revoke specified certificate
 --cleanup (-gc)                       Move unused certificate files to archive directory
 --help (-h)                           Show help text
 --env (-e)                            Output configuration variables for use in other scripts

Parameters:
 --domain (-d) domain.tld              Use specified domain name(s) instead of domains.txt entry (one certificate!)
 --force (-x)                          Force renew of certificate even if it is longer valid than value in RENEW_DAYS
 --privkey (-p) path/to/key.pem        Use specified private key instead of account key (useful for revocation)
 --config (-f) path/to/config.sh       Use specified config file
 --hook (-k) path/to/hook.sh           Use specified script for hooks
 --challenge (-t) http-01|dns-01       Which challenge should be used? Currently http-01 and dns-01 are supported
 --algo (-a) rsa|prime256v1|secp384r1  Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1

--
A.D. 1517: Martin Luther nails his 95 Theses to the church door and is
promptly moderated down to (-1, Flamebait). -- Yu Suzuki