Anybody using security/acme.sh might want to upgrade: security/acme.sh runs arbitrary commands from a remote server!
If you're using HiCA, you surely want to revoke & renew your certs (with a more trustworthy CA).
See this GitHub issue: https://github.com/acmesh-official/acme.sh/issues/4659
Is it possible to restart www/apache24 from crontab after successfully renewing letsencrypt certs with security/acme.sh?
This is what I have now (run each night 03:00):
* 3 * * * /usr/local/sbin/acme.sh --cron >> /var/log/acme.cron.log
Hi fellow enthusiasts,
I wrote a short article on securing a FreeBSD 12 web server with nginx, php-fpm and mysql 8 by focusing on website isolation. Specifically, the goal was to create different php-fpm pools for each nginx virtual server, with them sharing a unique socket for each website. In...
I recently moved to a new server. After installing security/acme.sh and moving all the config files over, acme.sh no longer reads it's configuration file when issuing commands.
I've moved everything (config/certs) to the proper location (/var/db/acme/).
This no longer works, and used to before...
Note: this post is amended because the updated port security/acme.sh is now using its own convention home directory /var/db/acme with dedicated user/group acme:acme
The idea is to limit the use of elevated privileges as much as possible.
- What is this about?