pkg install -y py37-certbot py37-certbot-apache Updating FreeBSD repository catalogue... FreeBSD repository is up to date. All repositories are up to date. The following 29 package(s) will be affected (of 0 checked): New packages to be INSTALLED: augeas: 1.12.0_1 py37-acme: 1.3.0,1 py37-asn1crypto: 1.3.0 py37-certbot: 1.3.0,1 py37-certbot-apache: 1.3.0 py37-certifi: 2020.4.5.1 py37-cffi: 1.14.0 py37-chardet: 3.0.4_3 py37-configargparse: 1.2 py37-configobj: 5.0.6_1 py37-cryptography: 2.6.1 py37-distro: 1.4.0_1 py37-idna: 2.8 py37-josepy: 1.3.0 py37-mock: 3.0.5 py37-openssl: 19.0.0 py37-parsedatetime: 2.5 py37-pycparser: 2.19 py37-pyrfc3339: 1.1 py37-pysocks: 1.7.1 py37-python-augeas: 1.0.3 py37-pytz: 2019.3,1 py37-requests: 2.22.0 py37-requests-toolbelt: 0.8.0_1 py37-six: 1.14.0 py37-urllib3: 1.25.7,1 py37-zope.component: 4.2.2 py37-zope.event: 4.1.0 py37-zope.interface: 4.6.0 Number of packages to be installed: 29 The process will require 30 MiB more space. 8 MiB to be downloaded. [1/29] Fetching py37-certbot-1.3.0,1.txz: 100% 282 KiB 289.1kB/s 00:01 [2/29] Fetching py37-certbot-apache-1.3.0.txz: 100% 113 KiB 116.0kB/s 00:01 [3/29] Fetching py37-distro-1.4.0_1.txz: 100% 23 KiB 23.1kB/s 00:01 [4/29] Fetching py37-openssl-19.0.0.txz: 100% 86 KiB 88.1kB/s 00:01 [5/29] Fetching py37-cryptography-2.6.1.txz: 100% 348 KiB 356.4kB/s 00:01 [6/29] Fetching py37-six-1.14.0.txz: 100% 19 KiB 19.5kB/s 00:01 [7/29] Fetching py37-cffi-1.14.0.txz: 100% 204 KiB 208.6kB/s 00:01 [8/29] Fetching py37-pycparser-2.19.txz: 100% 163 KiB 167.3kB/s 00:01 [9/29] Fetching py37-asn1crypto-1.3.0.txz: 100% 159 KiB 162.8kB/s 00:01 [10/29] Fetching py37-josepy-1.3.0.txz: 100% 74 KiB 75.6kB/s 00:01 [11/29] Fetching py37-acme-1.3.0,1.txz: 100% 58 KiB 59.6kB/s 00:01 [12/29] Fetching py37-requests-toolbelt-0.8.0_1.txz: 100% 4 MiB 4.7MB/s 00:01 [13/29] Fetching py37-requests-2.22.0.txz: 100% 82 KiB 84.2kB/s 00:01 [14/29] Fetching py37-chardet-3.0.4_3.txz: 100% 152 KiB 155.2kB/s 00:01 [15/29] Fetching py37-certifi-2020.4.5.1.txz: 100% 146 KiB 149.7kB/s 00:01 [16/29] Fetching py37-urllib3-1.25.7,1.txz: 100% 161 KiB 164.7kB/s 00:01 [17/29] Fetching py37-pysocks-1.7.1.txz: 100% 24 KiB 24.4kB/s 00:01 [18/29] Fetching py37-idna-2.8.txz: 100% 62 KiB 63.0kB/s 00:01 [19/29] Fetching py37-pytz-2019.3,1.txz: 100% 157 KiB 160.4kB/s 00:01 [20/29] Fetching py37-pyrfc3339-1.1.txz: 100% 8 KiB 8.1kB/s 00:01 [21/29] Fetching py37-zope.interface-4.6.0.txz: 100% 192 KiB 196.4kB/s 00:01 [22/29] Fetching py37-zope.component-4.2.2.txz: 100% 91 KiB 93.6kB/s 00:01 [23/29] Fetching py37-zope.event-4.1.0.txz: 100% 8 KiB 7.8kB/s 00:01 [24/29] Fetching py37-parsedatetime-2.5.txz: 100% 57 KiB 58.5kB/s 00:01 [25/29] Fetching py37-configobj-5.0.6_1.txz: 100% 51 KiB 52.2kB/s 00:01 [26/29] Fetching py37-configargparse-1.2.txz: 100% 26 KiB 26.9kB/s 00:01 [27/29] Fetching py37-python-augeas-1.0.3.txz: 100% 21 KiB 21.2kB/s 00:01 [28/29] Fetching augeas-1.12.0_1.txz: 100% 677 KiB 693.0kB/s 00:01 [29/29] Fetching py37-mock-3.0.5.txz: 100% 42 KiB 42.6kB/s 00:01 Checking integrity... done (0 conflicting) [1/29] Installing py37-pycparser-2.19... [1/29] Extracting py37-pycparser-2.19: 100% [2/29] Installing py37-six-1.14.0... [2/29] Extracting py37-six-1.14.0: 100% [3/29] Installing py37-cffi-1.14.0... [3/29] Extracting py37-cffi-1.14.0: 100% [4/29] Installing py37-asn1crypto-1.3.0... [4/29] Extracting py37-asn1crypto-1.3.0: 100% [5/29] Installing py37-cryptography-2.6.1... [5/29] Extracting py37-cryptography-2.6.1: 100% [6/29] Installing py37-openssl-19.0.0... [6/29] Extracting py37-openssl-19.0.0: 100% [7/29] Installing py37-certifi-2020.4.5.1... [7/29] Extracting py37-certifi-2020.4.5.1: 100% [8/29] Installing py37-pysocks-1.7.1... [8/29] Extracting py37-pysocks-1.7.1: 100% [9/29] Installing py37-idna-2.8... [9/29] Extracting py37-idna-2.8: 100% [10/29] Installing py37-chardet-3.0.4_3... [10/29] Extracting py37-chardet-3.0.4_3: 100% [11/29] Installing py37-urllib3-1.25.7,1... [11/29] Extracting py37-urllib3-1.25.7,1: 100% [12/29] Installing py37-requests-2.22.0... [12/29] Extracting py37-requests-2.22.0: 100% [13/29] Installing py37-pytz-2019.3,1... [13/29] Extracting py37-pytz-2019.3,1: 100% [14/29] Installing py37-josepy-1.3.0... [14/29] Extracting py37-josepy-1.3.0: 100% [15/29] Installing py37-requests-toolbelt-0.8.0_1... [15/29] Extracting py37-requests-toolbelt-0.8.0_1: 100% [16/29] Installing py37-pyrfc3339-1.1... [16/29] Extracting py37-pyrfc3339-1.1: 100% [17/29] Installing py37-zope.interface-4.6.0... [17/29] Extracting py37-zope.interface-4.6.0: 100% [18/29] Installing py37-zope.event-4.1.0... [18/29] Extracting py37-zope.event-4.1.0: 100% [19/29] Installing py37-distro-1.4.0_1... [19/29] Extracting py37-distro-1.4.0_1: 100% [20/29] Installing py37-acme-1.3.0,1... [20/29] Extracting py37-acme-1.3.0,1: 100% [21/29] Installing py37-zope.component-4.2.2... [21/29] Extracting py37-zope.component-4.2.2: 100% [22/29] Installing py37-parsedatetime-2.5... [22/29] Extracting py37-parsedatetime-2.5: 100% [23/29] Installing py37-configobj-5.0.6_1... [23/29] Extracting py37-configobj-5.0.6_1: 100% [24/29] Installing py37-configargparse-1.2... [24/29] Extracting py37-configargparse-1.2: 100% [25/29] Installing augeas-1.12.0_1... [25/29] Extracting augeas-1.12.0_1: 100% [26/29] Installing py37-certbot-1.3.0,1... [26/29] Extracting py37-certbot-1.3.0,1: 100% [27/29] Installing py37-python-augeas-1.0.3... [27/29] Extracting py37-python-augeas-1.0.3: 100% [28/29] Installing py37-mock-3.0.5... [28/29] Extracting py37-mock-3.0.5: 100% [29/29] Installing py37-certbot-apache-1.3.0... [29/29] Extracting py37-certbot-apache-1.3.0: 100% ===== Message from py37-urllib3-1.25.7,1: -- Since version 1.25 HTTPS connections are now verified by default which is done via "cert_reqs = 'CERT_REQUIRED'". While certificate verification can be disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on. Various consumers of net/py-urllib3 already have implemented routines that either explicitly enable or disable HTTPS certificate verification (e.g. via configuration settings, CLI arguments, etc.). Yet it may happen that there are still some consumers which don't explicitly enable/disable certificate verification for HTTPS connections which could then lead to errors (as is often the case with self-signed certificates). In case of an error one should try first to temporarily disable certificate verification of the problematic urllib3 consumer to see if that approach will remedy the issue. ===== Message from py37-certbot-1.3.0,1: -- This port installs the "standalone" client only, which does not use and is not the certbot-auto bootstrap/wrapper script. The simplest form of usage to obtain certificates is: # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]> NOTE: The client requires the ability to bind on TCP port 80 or 443 (depending on the --preferred-challenges option used). If a server is running on that port, it will need to be temporarily stopped so that the standalone server can listen on that port to complete the challenge authentication process. For more information on the 'standalone' mode, see: https://certbot.eff.org/docs/using.html#standalone The certbot plugins to support apache and nginx certificate installation will be made available in the following ports: * Apache plugin: security/py-certbot-apache * Nginx plugin: security/py-certbot-nginx In order to automatically renew the certificates, add this line to /etc/periodic.conf: weekly_certbot_enable="YES"
vim /usr/local/etc/apache24/httpd.conf # Secure (SSL/TLS) connections Include etc/apache24/extra/httpd-ssl.conf LoadModule ssl_module libexec/apache24/mod_ssl.so
vim /usr/local/etc/apache24/httpd.conf # Virtual hosts Include etc/apache24/extra/httpd-vhosts.conf
vim /usr/local/etc/apache24/extra/httpd-vhosts.conf ########## nuxbsd.duckdns.org ########## <VirtualHost *:80> ServerAdmin admin@nuxbsd.duckdns.org DocumentRoot "/usr/local/www/apache24/data/nuxbsd.duckdns.org" ServerName nuxbsd.duckdns.org ServerAlias www.nuxbsd.duckdns.org ErrorLog "/var/log/nuxbsd.duckdns.org-error_log" CustomLog "/var/log/nuxbsd.duckdns.org-access_log" common </VirtualHost> mkdir /usr/local/www/apache24/data/nuxbsd.duckdns.org chown -R www:www /usr/local/www/apache24/data/nuxbsd.duckdns.org
vim /usr/local/etc/apache24/httpd.conf LoadModule alias_module libexec/apache24/mod_alias.so LoadModule rewrite_module libexec/apache24/mod_rewrite.so LoadModule php7_module libexec/apache24/libphp7.so # Third party modules IncludeOptional etc/apache24/modules.d/[0-9][0-9][0-9]_*.conf
vim /usr/local/etc/apache24/extra/httpd-vhosts.conf #RewriteEngine on #RewriteCond %{SERVER_NAME} =www.nuxbsd.duckdns.org [OR] #RewriteCond %{SERVER_NAME} =nuxbsd.duckdns.org #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
vim /usr/local/etc/apache24/extra/httpd-ssl.conf <IfModule mod_ssl.c> <VirtualHost *:443> ServerAdmin admin@ywww.nuxbsd.duckdns.org DocumentRoot "/usr/local/www/apache24/data/nuxbsd.duckdns.org" ServerName nuxbsd.duckdns.org ServerAlias www.nuxbsd.duckdns.org ErrorLog "/var/log/www.nuxbsd.duckdns.org-error_log" CustomLog "/var/log/www.nuxbsd.duckdns.org-access_log" common Include /usr/local/etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile "/usr/local/etc/letsencrypt/live/nuxbsd.duckdns.org/fullchain.pem" SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/nuxbsd.duckdns.org/privkey.pem" </VirtualHost> </IfModule>
OpenBSD
SSLCertificateFile "/etc/letsencrypt/live/nuxbsd.duckdns.org/fullchain.pem" SSLCertificateKeyFile "/etc/letsencrypt/live/nuxbsd.duckdns.org/privkey.pem"