From: Olivier Nicole
Date: Sat, 28 Jul 2018 20:16:56 +0700
Subject: Re: acme.sh and certificate deployment
To: David Mehler
Cc: freebsd-questions

> I like the fact that acme.sh can do a wildcard certificate as I only
> need one for the tld and not x for all subdomains. I do like the fact
> that it also can handle ECC curves.

If I remember well what I read about wildcard certificates, and unless
it has changed, only DNS authentication is supported. So unless you
wrote your full script deployment, you have to do it by hand because
the challenge to put in DNS is changing each time you want to renew.

But it is very straightforward to use LE certificates for Apache,
Postfix and I have not tried Dovecot :0

Best luck,

Olivier