Currently dehydrated is executed weekly which causes the OCSP information to expire. Could you please change it to have dehydrated to be executed daily? Or at least make it configureable that users having OCSP file do not get problems? Thanks a lot!
I'll look into this.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=8b99252493ebd9ad3c26b430af4de57021c46e6e commit 8b99252493ebd9ad3c26b430af4de57021c46e6e Author: Koichiro Iwao <meta@FreeBSD.org> AuthorDate: 2024-03-06 04:04:02 +0000 Commit: Koichiro Iwao <meta@FreeBSD.org> CommitDate: 2024-03-06 04:28:44 +0000 security/dehydrated: Update to 0.7.1-6-g4fd777e Also add another periodic file to run dehydrated more frequent than weekly because OSCP response file should be updated before expiry [1]. PR: 277409 Reported by: mfechner [1] security/dehydrated/Makefile | 16 ++++---- security/dehydrated/distinfo | 6 +-- .../dehydrated/files/000.dehydrated.daily.in (new) | 46 ++++++++++++++++++++++ ...{000.dehydrated.in => 000.dehydrated.weekly.in} | 0 security/dehydrated/files/pkg-message.in | 11 ++++++ security/dehydrated/pkg-plist | 1 + 6 files changed, 69 insertions(+), 11 deletions(-)
(In reply to Matthias Fechner from comment #0) I added another periodic file for daily run. Not the port supports both weekly and daily run. Try this instead. daily_dehydrated_enable="YES"
(In reply to Koichiro Iwao from comment #3) Thanks a lot, I upgrade the new version already. Now I need to wait if ocsp files get updated. They will expire in 136 hours.
It is working perfectly fine. Thanks a lot!
It's my pleasure!