svn commit: r421263 - head/security/acme-client/files
Bernard Spil
brnrd at FreeBSD.org
Fri Sep 2 10:31:40 UTC 2016
Author: brnrd
Date: Fri Sep 2 10:31:39 2016
New Revision: 421263
URL: https://svnweb.freebsd.org/changeset/ports/421263
Log:
security/acme-client: Fall back to letskencrypt periodic vars
- Add WARNING to pkg-message for rename
- Fall back to weekly_letskencrypt periodic vars
- Emit WARNING from periodic when old periodic var is used
Reported by: feld
Modified:
head/security/acme-client/files/000.acme-client.sh.in
head/security/acme-client/files/pkg-message.in
Modified: head/security/acme-client/files/000.acme-client.sh.in
==============================================================================
--- head/security/acme-client/files/000.acme-client.sh.in Fri Sep 2 10:19:05 2016 (r421262)
+++ head/security/acme-client/files/000.acme-client.sh.in Fri Sep 2 10:31:39 2016 (r421263)
@@ -9,11 +9,31 @@ fi
PATH=$PATH:%%LOCALBASE%%/bin:%%LOCALBASE%%/sbin
export PATH
+case "$weekly_letskencrypt_enable" in
+ [Yy][Ee][Ss])
+ echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
+ echo '!! WARNING: letskencrypt has been renamed to acme-client !!'
+ echo '!! rename all weekly_letskencrypt_* periodic variables !!'
+ echo '!! to weekly_acme_client_* in your periodic.conf !!'
+ echo '!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!'
+ : ${weekly_acme_client_enable:=$weekly_letskencrypt_enable}
+ : ${weekly_acme_client_renewscript:=$weekly_letskencrypt_renewscript}
+ : ${weekly_acme_client_domains:=$weekly_letskencrypt_domains}
+ : ${weekly_acme_client_challengedir:=$weekly_letskencrypt_challengedir}
+ : ${weekly_acme_client_args:=$weekly_letskencrypt_args}
+ : ${weekly_acme_client_deployscript:=$weekly_letskencrypt_deployscript}
+ ;;
+ *)
+ ;;
+esac
+
case "$weekly_acme_client_enable" in
[Yy][Ee][Ss])
echo
echo "Checking Let's Encrypt certificate status:"
+ : ${weekly_acme_client_args:="-b"}
+
if [ -x "$weekly_acme_client_renewscript" ] ; then
$weekly_acme_client_renewscript
else
Modified: head/security/acme-client/files/pkg-message.in
==============================================================================
--- head/security/acme-client/files/pkg-message.in Fri Sep 2 10:19:05 2016 (r421262)
+++ head/security/acme-client/files/pkg-message.in Fri Sep 2 10:31:39 2016 (r421263)
@@ -1,27 +1,33 @@
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! WARNING: letskencrypt has been renamed to acme-client !!
+!! rename all weekly_letskencrypt_* periodic variables !!
+!! to weekly_acme_client_* in your periodic.conf !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
There are example scripts in
-%%PREFIX%%/etc/letsencrypt
-that you can for renewing and deploying multiple certificates
+ %%PREFIX%%/etc/letsencrypt
+that you can use for renewing and deploying multiple certificates
In order to run the script regularly to update
the certificates add this line to /etc/periodic.conf
-weekly_acme_client_enable="YES"
+ weekly_acme_client_enable="YES"
Additionally the following parameters can be added to
/etc/periodic.conf (showing default values):
To specify the domain name(s) to include in the certificate
-weekly_acme_client_domains="$(hostname -f)"
+ weekly_acme_client_domains="$(hostname -f)"
To specify the .well-known/acme-challenge directory (full path)
-weekly_acme_client_challengedir="/usr/local/www/letsencrypt"
+ weekly_acme_client_challengedir="%%WWWDIR%%"
To set additional acme-client arguments (see acme-client(1))
-weekly_acme_client_args=""
+ weekly_acme_client_args="-b"
To run a specific script for the renewal (ignore previously set variables)
allows generating/renewing multiple keys/certificates
-weekly_acme_client_renewscript=""%%PREFIX%%/etc/letsencrypt/%%PORTNAME%%.sh"
+ weekly_acme_client_renewscript=""%%PREFIX%%/etc/letsencrypt/%%PORTNAME%%.sh"
To run a script after the renewal to deploy changed certs
-weekly_acme_client_deployscript="%%PREFIX%%/etc/letsencrypt/deploy.sh"
+ weekly_acme_client_deployscript="%%PREFIX%%/etc/letsencrypt/deploy.sh"
More information about the svn-ports-head
mailing list