From: freebsd@boosten.org
To: freebsd-questions
Cc: David Mehler
Subject: Re: acme.sh issue, cert date invalid, but no errors from letsencrypt
Date: Sun, 7 Mar 2021 18:31:14 +0100

> On 7 Mar 2021, at 17:48, David Mehler wrote:
>
> I've also looked at the file creation date they're the new certs
> issued yesterday, but checking them with openssl shows as I said the
> not after November 2020 date.
>
> Suggestions welcome.

So let’s retrace everything. I’ve been looking at my setup.

I check by cron if new certs are available, daily. If acme.sh finds new certs, it puts them in /var/db/acme/certs//

There are now other directories in there, it always overwrites old ones with new ones.

I then use Dan Langille’s anvil-port to pull them to my jails (cert-puller, also by cron), where they are stored in /usr/local/etc/ssl of that jail.

After putting them there, cert-puller automatically restarts the service(s) that rely on the certs. Of course, all my applications point to those certs.

Please describe your setup.

Peter

--
It never hurts to help
- Eek the Cat!
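
To see which stage of a pipeline like the one described above is holding the old certificate, compare the file acme.sh wrote with the copy in the jail. This is an added example, not part of the original message and not code from acme.sh or anvil; the function names, status words and 30-day threshold are assumptions, and the demo certificates are constructed self-signed ones.

```shell
#!/bin/sh
# Added example: find which stage of an acme.sh -> cert-puller pipeline holds a stale cert.
# Function names and status words are hypothetical; only the openssl CLI is used.

# SHA-256 fingerprint of the certificate in FILE.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# notAfter date of the certificate in FILE.
cert_enddate() {
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# check_deployed ISSUED DEPLOYED [MIN_DAYS]
# Returns 0 (OK), 1 (jail copy differs from the issued cert),
# 2 (the issued cert itself expires within MIN_DAYS), 3 (a file is not a readable cert).
check_deployed() {
    issued=$1 deployed=$2 min_days=${3:-0}
    for f in "$issued" "$deployed"; do
        openssl x509 -in "$f" -noout >/dev/null 2>&1 || { echo "UNREADABLE $f"; return 3; }
    done
    if ! openssl x509 -in "$issued" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "ISSUED_EXPIRING notAfter=$(cert_enddate "$issued")"; return 2
    fi
    if [ "$(cert_fingerprint "$issued")" != "$(cert_fingerprint "$deployed")" ]; then
        echo "MISMATCH deployed notAfter=$(cert_enddate "$deployed")"; return 1
    fi
    echo "OK notAfter=$(cert_enddate "$deployed")"
}

# Demo on constructed throwaway self-signed certs (no real domains or keys).
demo_constructed() {
    tmp=$(mktemp -d) || return 1
    for spec in old:1 new:90; do
        openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=constructed.example" \
            -days "${spec#*:}" -keyout "$tmp/${spec%%:*}.key" \
            -out "$tmp/${spec%%:*}.pem" >/dev/null 2>&1 || return 1
    done
    check_deployed "$tmp/new.pem" "$tmp/old.pem" 30 || true  # jail still has the old copy
    cp "$tmp/new.pem" "$tmp/old.pem"                         # simulate a successful pull
    check_deployed "$tmp/new.pem" "$tmp/old.pem" 30
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

ISSUED_EXPIRING points at the issuing side and MISMATCH at the pull into the jail; a service that was not restarted can still be serving an older certificate than the file on disk.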