Bug 215722 - security/acme-client possibly missing dependency
Summary: security/acme-client possibly missing dependency
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: amd64 Any
: --- Affects Only Me
Assignee: Bernard Spil
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-03 06:22 UTC by pete
Modified: 2017-03-26 10:49 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (brnrd)


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description pete 2017-01-03 06:22:11 UTC
I am having an odd issue where it seems acme-client is failing to run correctly due to /etc/ssl/cert.pem missing:

# acme-client -vNn foo.bar.com
acme-client: /usr/local/etc/acme/privkey.pem: account key exists (not creating)
acme-client: /usr/local/etc/ssl/acme/private/privkey.pem: domain key exists (not creating)
acme-client: /etc/ssl/cert.pem: No such file or directory
acme-client: bad exit: netproc(2515): 1


I've followed the man page pretty closely, and I have installed LibreSSL on this system as well.  I've not been able to find any reference to having to create a cert.pem file before running acme-client.  Hopefully this is pebkac, but if not I'd like to help debug/test.

Cheers!



OS Rel Info:
$ uname -ar
FreeBSD webster 11.0-RELEASE-p2 FreeBSD 11.0-RELEASE-p2 #0: Mon Oct 24 06:55:27 UTC 2016     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64

Pkg Info:
$ pkg info acme-client
acme-client-0.1.15
Name           : acme-client
Version        : 0.1.15
Comment 1 Melvyn Sopacua 2017-01-03 15:10:46 UTC
What does:

pkg query '%Ok=%Ov' ca_root_nss

give you?
Comment 2 pete 2017-01-03 17:23:39 UTC
(In reply to Melvyn Sopacua from comment #1)
Ah - that was the hint I needed.  After installing the ca_root_nss package the acme-client binary seems to be working as expected.

Would it be advisable to add a dependency for ca_root_nss to acme-client, or perhaps add a message after installation that you'll need to have valid certs on your system?

Thanks!
Comment 3 commit-hook freebsd_committer 2017-03-26 10:48:06 UTC
A commit references this bug:

Author: brnrd
Date: Sun Mar 26 10:47:45 UTC 2017
New revision: 436954
URL: https://svnweb.freebsd.org/changeset/ports/436954

Log:
  security/acme-client:	Add run-time dep on ca_root_nss

    - acme-client fails at runtime if CA roots not installed

  PR:		215722
  Reported by:	pete@nomadlogic.org

Changes:
  head/security/acme-client/Makefile