I have used certbot for many years and have never found a good configuration that I like that does auto updates. I am using wildcard domains with command certbot certonly --manual -d domain.com -d '*.domain.com' so the normal automatic update can not be used unless you use an additional script...
This topic provides a solution on how to make own Proxy serwer, on a FreeBSD operating system, using Stunnel validated with public-key cryptography between Stunnel server and Stunnel client, for use by a web browser. The primary benefit is that, unlike other VPN, the client does not require...
Freebsd 13.1, nginx/1.22.0, certbot 1.29.0
If I use
and server block is in /usr/local/etc/nginx/nginx.conf
cerbot install cert correctly
When I move server block to separate files servers/domain.com.conf
and use in main config
My servers/domain.com.conf is
Of course the...
Hi everyone. I'd like to set two jails with each hosting a domain of mine, with HTTPS/TLS support on nginx.
My case is;
My Dedicated Server/Host IP: 22.214.171.124 (External Public IP Addr) (has also PF activated and running without Jails' support, anything with any jail, at the moment)
Jail 1 -...
Hello everyone ! I want to set up ssl protocol for my local web server that i started with apache24. What should i do ? Which conf's should i edit ? What are the commands etc. This will help a lot. Btw. i have 2 .cer , 1 .crt , 1.p7b certificate file.
I'm trying to setup port multiplexing using sslh importantly I have to use that nice 'transparent' feature that makes traffic from sslh distributed locally to look like it comes from external interface. It looks something like this :
Browser[A]-----------[http/ssl]-------> sslh[B 443]...
In /etc/make.conf, I would like to set openssl, security/libressl or security/nss over security/gnutls, and know whether security/libressl can coexist with Openssl.
In make.conf, this is what I have in mind
Libressl has a reputation for being better than...
I am working on setting up SSL on apache24 web server on my local network with a self signed certificate.
I am able to confirm it is working with curl and openssl (see the details below), however I am not able to get it working with firefox.
I imported my self signed cert to firefox, however...
Hi, first of all I want to thanks for this community, this forum have rich content.
Is possible to send a command from the main host to jail host?
Like this: ezjail-admin console WEBSERVER | nginx -s reload
I want to restart a service and check status, so I think I need to do this via...
We've been getting net::ERR_SPDY_PROTOCOL_ERROR on mostly chrome when serving video files. In the beginning we thought that issue is with Chrome browser but after testing it further we found that video serving working perfect on Debian but error is only occuring on Freebsd.
The way we're...
Note: this post is amended because the updated port security/acme.sh is now using its own convention home directory /var/db/acme with dedicated user/group acme:acme
The idea is to limit the use of elevated privileges as much as possible.
- What is this about?
Hello, I am trying to build nginx from ports, but I don't want dependency to openssl from ports. I want "base" FreeBSD openssl.
Default nginx package has no dependency to external openssl package.
I am building in a jail.
I have this in make.conf:
I have a problem setting up OpenLDAP server 2.4.44 on latest FreeBSD 10.3.
The server has been installed form ports with the standard options, the same machine is also CA for my internal domain.
When I try to start slapd this is the error I get:
Attempting to retrieve email via qpopper with TLS/SSL (pop3s on port 995, plain text password) enabled using the SeaMonkey and Apple Mail mail clients fails with the qpopper log showing the same failure mode:
Apr 11 22:47:24 shadow qpopper: OpenSSL error during handshake
Apr 11 22:47:24...
There were so many discussions regarding similar issues. I've read them, but still cannot figure out what's happened recently that I cannot access Forums from my home network using various browsers.
I've rebooted my modem to get a new IP. Also checked both old and new IPs with...