Dehydrated setup
Dirk Engling
erdgeist at erdgeist.org
Tue Nov 8 14:25:26 UTC 2016
On 08/11/2016 15:16, @lbutlr wrote:
> It is possible, but I am pretty sure it did. It is apache 2.4 built
> from portmaster.
>
>> Could you tell me, which webserver you're
>> using? Then I can copy you a snippet for its config that should work.
With apache I changed
WELLKNOWN="/usr/local/www/dehydrated/.well-known/acme-challenge"
created both directories and had apache use /usr/local/www/dehydrated
for non-tls connections. Your mileage may vary, so you might need to
have WELLKNOWN point to /usr/local/www/.well-known/acme-challenge and
make this directory belong to _dehydrated and be world readable.
>> Also I would suggest setting
>>
>> BASEDIR=/var/dehydrated
>
> Do you mean create that directory?
Yes. Actually in a perfect world the package would have done that for
you, but port's maintainers have been busy getting the transition from
the name letsencrypt.sh to dehydrated right.
>> in your config and make /usr/local/etc/dehydrated/ belong to root.
>
> It does belong to root.
>
> # ls -lsd /usr/local/etc/dehydrated
> 8 drwxrwx--x 5 root _dehydrated 512 Nov 8 06:56 /usr/local/etc/dehydrated
But group has +w, so it can just delete files and write them anew. See,
complex permission models always leave you head scratching if you really
thought of everything.
> I can certainly do that, though I think it would be better to do it
> once I get something of some sort actually working, yes?
Sure ;) But it's not worth it to get something running that you need to
change afterwards.
erdgeist
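
The two permission points made in the message above, as an added example that is not part of the original mail and is not dehydrated's own code: it flags a config directory that is group- or other-writable (the `drwxrwx--x` case, where files can be deleted and rewritten regardless of who owns them) and a WELLKNOWN directory that is not world readable. The function names are hypothetical; the paths are whatever the caller passes in.

```shell
#!/bin/sh
# Added example: audit the directory permissions discussed in this thread.
# Function names are illustrative; paths are supplied by the caller.

# Succeeds if DIR itself is writable by group or others. Write permission
# on a directory allows unlinking and recreating the files inside it,
# whatever the owner and mode of those files.
dir_is_group_or_other_writable() {
    [ -d "$1" ] || return 2
    # -prune stops find from descending; -perm -NNN means "all these bits set"
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Succeeds if DIR is readable and searchable by others (o+rx), which a web
# server running as another user needs to serve files out of WELLKNOWN.
dir_is_world_readable() {
    [ -d "$1" ] || return 2
    [ -n "$(find "$1" -prune -perm -005 -print)" ]
}

# Print one line per finding; the return status is the number of findings.
audit_dehydrated_dirs() {
    confdir=$1 wellknown=$2 findings=0
    if dir_is_group_or_other_writable "$confdir"; then
        echo "WARN: $confdir is group/other writable, its files can be replaced"
        findings=$((findings + 1))
    fi
    if ! dir_is_world_readable "$wellknown"; then
        echo "WARN: $wellknown is missing or not world readable"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run as: sh audit.sh <config dir> <WELLKNOWN dir>
if [ "$#" -eq 2 ]; then
    audit_dehydrated_dirs "$1" "$2"
fi
```

Ownership of the WELLKNOWN directory is not checked here; only the mode bits are.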