Bug 244922 - security/lego: Setup instructions/scripts don't match
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-ports-bugs mailing list
Reported: 2020-03-19 20:53 UTC by daniel.engberg.lists
Modified: 2020-03-23 07:43 UTC

See Also:
bugzilla: maintainer-feedback? (matt)


Description daniel.engberg.lists 2020-03-19 20:53:08 UTC
Something seems to have changed between versions:

The certificates are generated using the deploy.sh script

--== lego.sh ==--
BASEDIR="/usr/local/etc/lego"
SSLDIR="/usr/local/etc/ssl/lego"
DOMAINSFILE="${BASEDIR}/domains.txt"

--== deploy.sh ==--
SSLDIR="/usr/local/etc/ssl"

--== periodic.conf ==--
weekly_lego_enable="YES"
weekly_lego_renewscript="/usr/local/etc/lego/lego.sh"
weekly_lego_deployscript="/usr/local/etc/lego/deploy.sh"
weekly_output=/var/log/weekly.log

Running periodic weekly shows this:

Checking Let's Encrypt certificate status:
Deploying Let's Encrypt certificates:
cp: /usr/local/etc/ssl/certs/domain1.crt: No such file or directory
cp: /usr/local/etc/ssl/private/domain1.key: No such file or directory
cp: /usr/local/etc/ssl/certs/domain2.crt: No such file or directory
cp: /usr/local/etc/ssl/private/domain2.key: No such file or directory

These files are located in /usr/local/etc/ssl/lego/certificates/ without any subdirectories:

-rw-------  1 _lego  _lego  3332 Mar 19 17:56 domain1.crt
-rw-------  1 _lego  _lego  1648 Mar 19 17:56 domain1.issuer.crt
-rw-------  1 _lego  _lego   239 Mar 19 17:56 domain1.json
-rw-------  1 _lego  _lego   288 Mar 19 17:56 domain1.key
-rw-------  1 _lego  _lego  3336 Mar 19 17:56 domain2.crt
-rw-------  1 _lego  _lego  1648 Mar 19 17:56 domain2.issuer.crt
-rw-------  1 _lego  _lego   241 Mar 19 17:56 domain2.json
-rw-------  1 _lego  _lego   288 Mar 19 17:56 domain2.key

Perhaps I'm missing something obvious here?
Comment 1 daniel.engberg.lists 2020-03-19 20:56:09 UTC
...and I should of course also add version used, 3.4.0.
I apologize for missing that crucial information.
Comment 2 Matthew Horan 2020-03-22 19:14:45 UTC
(In reply to daniel.engberg.lists from comment #1)

Thanks for the report! I think this is just the deploy script failing (lego itself is fine). It looks like the deploy script presumes that /usr/local/etc/ssl/{certs,private} directories exist. Can you try creating those and then run periodic?
Comment 3 daniel.engberg.lists 2020-03-23 07:43:49 UTC
Hi,

Yes, that seems to have fixed the issue.

Thanks,
Daniel
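
The fix confirmed in comment 3 was to create the missing directories by hand. A deploy step that creates them itself, with an owner-only key directory, is sketched here as an added example; it is not the port's deploy.sh, whose contents are not shown on this page. The function name deploy_certs and its two arguments are hypothetical, and skipping *.issuer.crt is an assumption based on the cp errors in the description.

```shell
#!/bin/sh
# Added example: hypothetical copy step for a lego deploy script.
# deploy_certs SRC_DIR SSL_DIR
#   SRC_DIR: where lego writes <domain>.crt and <domain>.key
#            (on the reporter's system: /usr/local/etc/ssl/lego/certificates)
#   SSL_DIR: deploy target root (deploy.sh sets SSLDIR="/usr/local/etc/ssl")
deploy_certs() {
    src="$1"
    ssl="$2"
    rc=0

    if [ ! -d "$src" ]; then
        echo "deploy: source directory $src not found" >&2
        return 1
    fi

    # Create the target directories instead of presuming they exist.
    # The key directory is owner-only so a loose parent never exposes keys.
    install -d -m 0755 "$ssl/certs" || return 1
    install -d -m 0700 "$ssl/private" || return 1

    for crt in "$src"/*.crt; do
        [ -e "$crt" ] || continue          # glob matched nothing
        case "$crt" in
            *.issuer.crt) continue ;;      # assumption: issuer chain is not deployed
        esac
        domain=$(basename "$crt" .crt)
        key="$src/$domain.key"
        if [ ! -f "$key" ]; then
            echo "deploy: no key for $domain, skipping" >&2
            rc=1
            continue
        fi
        # install(1) sets the mode explicitly, so the result does not
        # depend on the umask periodic(8) happens to run with.
        install -m 0600 "$key" "$ssl/private/$domain.key" || rc=1
        install -m 0644 "$crt" "$ssl/certs/$domain.crt" || rc=1
    done
    return $rc
}
```

A non-zero return marks a missing source directory or an unpaired certificate, so the periodic job reports the failure rather than emitting bare cp errors.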