acme.sh and certificate deployment
dave.mehler at gmail.com
Fri Jul 27 12:23:09 UTC 2018
I'm really thinking about converting my existing letsencrypt effort
from acme-client to the acme.sh script. This is on FreeBSD 11.1 and I'm
using apache 2.4, and postfix, and dovecot; I think those are the only
tls-enabled services I've got.
I like the fact that acme.sh can do a wildcard certificate as I only
need one for the tld and not x for all subdomains. I do like the fact
that it also can handle ECC curves.
The thing that is holding me back is deployment: how do you deploy
your tls certificates? Yesterday I did it manually but I only did it
for one domain, copied the files where I wanted them and manually
entered the tls information in apache's setup.
I've got the cron script going so ideally I'd like to get a
certificate renewed if needed, cron takes care of that, then the
certificate and key are deployed to where they need to go and the
service or services are restarted.
My second question, and this one is a curiosity: the certificates that
are made end with a .cer extension, can I change this in the script?