![[PukiWiki]](image/pukiwiki.png "[PukiWiki]")
CONTENTS
Lastmodified 2023-11-01 (水) 08:55:04
https://scratchpad.jp/https-with-lets-encrypt/
987 8:32 locate certbot 988 8:35 portinstall security/py-certbot
Installing py27-certbot-0.18.1,1... =========================================================================== This port installs the "standalone" Python client only, which does not use and is not the certbot-auto bootstrap/wrapper script. To obtain certificates, use the 'certonly' command as follows: # sudo certbot certonly --standalone -d [server FQDN] Note: The client currently requires the ability to bind on TCP port 80. If you have a server running on this port, it will need to be temporarily stopped so that the standalone server can listen on that port to complete authentication. The certbot plugins to support apache and nginx certificate installation will be made available soon in the following ports: * Apache plugin: security/py-certbot-apache * Nginx plugin: security/py-certbot-nginx ===========================================================================
# certbot certonly --standalone -d sun1.smb.net
Traceback (most recent call last):
File "/usr/local/bin/certbot", line 6, in <module>
from pkg_resources import load_entry_point
File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3038, in <module>
@_call_aside
File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3022, in _call_aside
f(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3051, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 659, in _build_master
return cls._build_from_requirements(__requires__)
File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 672, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 862, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (cryptography 1.7.2 (/usr/local/lib/python2.7/site-packages), Requirement.parse('cryptography>=1.9'), set(['PyOpenSSL']))
# portupgrade -ar --batch
# certbot certonly --standalone -d sun1.smb.net Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): k100rs4v@smb.net ------------------------------------------------------------------------------- Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree in order to register with the ACME server at https://acme-v01.api.letsencrypt.org/directory ------------------------------------------------------------------------------- (A)gree/(C)ancel: A ------------------------------------------------------------------------------- Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for sun1.smb.net Cleaning up challenges Problem binding to port 443: Could not bind to IPv4 or IPv6. IMPORTANT NOTES: - Your account credentials have been saved in your Certbot configuration directory at /usr/local/etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. root@sun1:~:17_09_26:10:45 #
# apachectl stop Stopping apache24. Waiting for PIDS: 878. root@sun1:~:17_09_26:10:53 # certbot certonly --standalone -d sun1.smb.net Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: tls-sni-01 challenge for sun1.smb.net Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /usr/local/etc/letsencrypt/live/sun1.smb.net/fullchain.pem Your key file has been saved at: /usr/local/etc/letsencrypt/live/sun1.smb.net/privkey.pem Your cert will expire on 2017-12-25. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le root@sun1:~:17_09_26:10:54 #
root@sun1:/usr/local/etc/letsencrypt:17_09_26:10:57 # ll total 24 drwx------ 3 root wheel 512 Sep 26 10:42 accounts/ drwx------ 3 root wheel 512 Sep 26 10:54 archive/ drwxr-xr-x 2 root wheel 512 Sep 26 10:54 csr/ drwx------ 2 root wheel 512 Sep 26 10:54 keys/ drwx------ 3 root wheel 512 Sep 26 10:54 live/ drwxr-xr-x 2 root wheel 512 Sep 26 10:54 renewal/
#SSLCertificateFile "/usr/local/etc/apache24/server.crt" SSLCertificateFile "/usr/local/etc/letsencrypt/live/sun1.smb.net/fullchain.pem" #SSLCertificateKeyFile "/usr/local/etc/apache24/server.key" SSLCertificateKeyFile "/usr/local/etc/apache24/privkey.pem" ServerName sun1.smb.net:443
Total access 2910:本日 2:昨日 0
