Let's Encrypt tool for generating web server keys

NewGuy

The Let's Encrypt utility is a tool for automatically setting up security keys for domains the user controls. Basically, instead of buying a certificate or creating a self-signed one, the Let's Encrypt tool is supposed to handle setting up a secure domain, free of charge. More details here: https://letsencrypt.org/

The code for Let's Encrypt is available here: https://github.com/letsencrypt/lets-encrypt-preview

Right now Let's Encrypt is written for (and only runs on) Ubuntu. However, some work has been done to get the software running on FreeBSD. This post shows the steps and dependencies required to run Let's Encrypt on a FreeBSD 10 machine: https://github.com/letsencrypt/lets-encrypt-preview/issues/293

Hopefully more people will contribute and fix the remaining issues to make Let's Encrypt truly cross-platform.
 

oleg_skat

Hi,

I can’t install letsencrypt.

My actions were:
Code:
# pkg install python27 swig30 pcre libffi augeas
# portsnap fetch
# portsnap extract
# cd /usr/ports/devel/py-setuptools  
# make install && make clean

# ln -s /usr/local/bin/swig3.0 /usr/local/bin/swig
# ln -s /usr/local/include/ffi.h /usr/include/ffi.h
# ln -s /usr/local/include/ffitarget.h /usr/include/ffitarget.h

# cd /letsencrypt-nginx
# /usr/local/bin/python2 setup.py build
   OK

# /usr/local/bin/python2 setup.py install
Installed /usr/local/lib/python2.7/site-packages/pyparsing-2.0.3-py2.7.egg
Searching for letsencrypt
Reading https://pypi.python.org/simple/letsencrypt/
Couldn't find index page for 'letsencrypt' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
No local packages or download links found for letsencrypt
error: Could not find suitable distribution for Requirement.parse('letsencrypt')
Any ideas?
 

oleg_skat

Hi cpm,

I want to make a certificate on a virtual Linux machine, and then transfer files to the fighting server, but the port is a better solution. Where can I download it?
 

cpm@

> Hi cpm,
>
> I want to make a certificate on a virtual Linux machine, and then transfer files to the fighting server, but the port is a better solution. Where can I download it?

I haven't started porting letsencrypt yet. I'll submit it when I have it finished ;)
 

oleg_skat

I think the FreeBSD community will be grateful for your work. We are waiting for it!
But don't forget to write here on completion.
 

oleg_skat

Hi, cpm

Got an installation error of the port:

Code:
letsencrypt-nginx]# make install
===>  Staging for letsencrypt-nginx-0.0.0.dev20151008
===>  letsencrypt-nginx-0.0.0.dev20151008 depends on file: /usr/local/sbin/nginx - found
Error a dependency refers to a non existing origin: /usr/ports/security/letsencrypt in RUN_DEPENDS
*** [run-depends] Error code 1

Stop in /root/letsencrypt/letsencrypt-nginx.
Code:
[/usr/ports]# make search name=letsencrypt
[/usr/ports]#
The ports tree was updated.

Can you help me?
 
cpm@

> Hi, cpm
>
> Got an installation error of the port:
>
> Code:
> letsencrypt-nginx]# make install
> ===>  Staging for letsencrypt-nginx-0.0.0.dev20151008
> ===>  letsencrypt-nginx-0.0.0.dev20151008 depends on file: /usr/local/sbin/nginx - found
> Error a dependency refers to a non existing origin: /usr/ports/security/letsencrypt in RUN_DEPENDS
> *** [run-depends] Error code 1
>
> Stop in /root/letsencrypt/letsencrypt-nginx.
> Code:
> [/usr/ports]# make search name=letsencrypt
> [/usr/ports]#
> The ports tree was updated.
>
> Can you help me?

Sorry for taking so long to reply, oleg_skat.

Well, as you have seen, the port has not been committed into the ports tree yet because not all the work is done. So if you want to test it, please download the shar files from PR 203405 and install it as usual.

Give us some feedback!
 

Jimlad

Hey cpm,

I've downloaded shar-v3, extracted it and installed letsencrypt.

Running /usr/local/bin/letsencrypt -d HOSTNAME auth

I get:
Code:
Traceback (most recent call last):
  File "/usr/local/bin/letsencrypt", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3074, in <module>
    @_call_aside
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3060, in _call_aside
    f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3087, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 647, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 660, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 833, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'acme==0.0.0.dev20151017' distribution was not found and is required by letsencrypt
 

cpm@

> Would you like to write step by step instructions?
> Can't do anything...

First, once you've downloaded the shar file, uncompress it by running sh filename.shar in the corresponding port category.

Finally, install the port as you usually do (e.g. using portmaster(8) or make install clean).
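
Unpacking a shar as described above means executing a downloaded attachment as a shell script. The following added example (not from this thread or from the port) checks an archive statically before it is run; it assumes the line layout FreeBSD shar(1) emits, and `audit_shar` and both sample archives are constructed for illustration.

```python
import re

# Line shapes outside file payloads; assumes the layout FreeBSD shar(1) emits.
PLAIN = re.compile(r"^(#.*|exit|)$")
WITH_PATH = re.compile(r"^(?:echo [cx] - (\S+)|mkdir -p (\S+) > /dev/null 2>&1)$")
HEREDOC = re.compile(r"^sed 's/\^X//' >(\S+) << '([^']+)'$")
SAFE_PATH = re.compile(r"^[A-Za-z0-9._+-]+(/[A-Za-z0-9._+-]+)*$")

def audit_shar(text):
    """Statically check a shar; return (files, findings). Nothing is executed."""
    files, findings, delim = [], [], None
    for no, line in enumerate(text.splitlines(), 1):
        if delim is not None:              # inside a quoted here-document
            if line == delim:
                delim = None
            elif not line.startswith("X"):
                findings.append((no, "payload line lacks X prefix"))
            continue
        if PLAIN.match(line):
            continue
        here, cmd = HEREDOC.match(line), WITH_PATH.match(line)
        if here:
            path, delim = here.group(1), here.group(2)
            files.append(path)
        elif cmd:
            path = cmd.group(1) or cmd.group(2)
        else:                              # anything else needs a human look
            findings.append((no, "command not emitted by shar(1)"))
            continue
        if not SAFE_PATH.match(path) or ".." in path.split("/"):
            findings.append((no, "unsafe path"))
    if delim is not None:
        findings.append((0, "unterminated here-document"))
    return files, findings


# Constructed samples, not the attachments from the PR.
CLEAN = """# This is a shell archive.
echo c - letsencrypt
mkdir -p letsencrypt > /dev/null 2>&1
echo x - letsencrypt/Makefile
sed 's/^X//' >letsencrypt/Makefile << 'END-of-letsencrypt/Makefile'
X# constructed payload
XPORTNAME= letsencrypt
END-of-letsencrypt/Makefile
exit
"""
TAMPERED = CLEAN.replace(">letsencrypt/", ">../outside/")
TAMPERED = TAMPERED.replace("exit\n", "touch /tmp/marker\nexit\n")
```

An empty findings list only covers the unpacking step. The extracted Makefile is still code that `make install` will run, so it needs its own review.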
 

cpm@

> Hey cpm,
>
> I've downloaded shar-v3, extracted it and installed letsencrypt.
>
> Running /usr/local/bin/letsencrypt -d HOSTNAME auth
>
> I get:
> Code:
> Traceback (most recent call last):
>   File "/usr/local/bin/letsencrypt", line 5, in <module>
>     from pkg_resources import load_entry_point
>   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3074, in <module>
>     @_call_aside
>   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3060, in _call_aside
>     f(*args, **kwargs)
>   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3087, in _initialize_master_working_set
>     working_set = WorkingSet._build_master()
>   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 647, in _build_master
>     return cls._build_from_requirements(__requires__)
>   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 660, in _build_from_requirements
>     dists = ws.resolve(reqs, Environment())
>   File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 833, in resolve
>     raise DistributionNotFound(req, requirers)
> pkg_resources.DistributionNotFound: The 'acme==0.0.0.dev20151017' distribution was not found and is required by letsencrypt

Well, it seems that something went wrong here. Try it using the previous shar file (shar-v2).

We need to investigate the current problem further.
 

oleg_skat

Hi cpm,

It was done before, as you wrote. But I want to add some details:
Code:
sh shar-v3

$1/{} \; &&  /usr/bin/find -d $0 $2 -type f -exec chmod 444 $1/{} \;' -- . /ports/security/letsencrypt/letsencrypt2/letsencrypt/work/stage/usr/local/share/examples/letsencrypt)
====> Compressing man pages (compress-man)
===>  Installing for letsencrypt-0.0.0.dev20151017
===>  Checking if letsencrypt already installed
===>  Registering installation for letsencrypt-0.0.0.dev20151017
Installing letsencrypt-0.0.0.dev20151017...
---------------------------------------

# pkg info | grep letsencrypt
letsencrypt-0.0.0.dev20151008  ACME client that can update Apache/Nginx configurations
-----------------------------------------------------------
# /usr/local/bin/letsencrypt -d mydomain.com auth
Traceback (most recent call last):
  File "/usr/local/bin/letsencrypt", line 5, in <module>
  from pkg_resources import load_entry_point
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3074, in <module>
  @_call_aside
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3060, in _call_aside
  f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3087, in _initialize_master_working_set
  working_set = WorkingSet._build_master()
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 647, in _build_master
  return cls._build_from_requirements(__requires__)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 660, in _build_from_requirements
  dists = ws.resolve(reqs, Environment())
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 833, in resolve
  raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'acme==0.0.0.dev20151017' distribution was not found and is required by letsencrypt
It is the same as for Jimlad.

Code:
/usr/ports/devel/acme]# make install
===>  acme-091 is marked as broken: Does not fetch.
*** [install] Error code 1

Stop in /ports/devel/acme.
And

Code:
shar-v2

====> Compressing man pages (compress-man)
===>  Installing for letsencrypt-0.0.0.dev20151008
===>  Checking if letsencrypt already installed
===>  Registering installation for letsencrypt-0.0.0.dev20151008
Installing letsencrypt-0.0.0.dev20151008...


letsencrypt -d mydomain.com auth
..............
File "/usr/local/lib/python2.7/site-packages/cryptography-1.1-py2.7-freebsd-9.3-RELEASE-p10-amd64.egg/cryptography/hazmat/bindings/openssl/binding.py", line 13, in <module>
from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /usr/local/lib/python2.7/site-packages/cryptography-1.1-py2.7-freebsd-9.3-RELEASE-p10-amd64.egg/cryptography/hazmat/bindings/_openssl.so: Undefined symbol "CRYPTO_malloc_debug_init"
What do I have to do? Do I have to install py-acme from sources?
 

cpm@

oleg_skat, Jimlad,

To install letsencrypt right now, please, see my comment #14.

See also the following note, here.

Thanks for your patience!
 

Jimlad

Just FYI oleg_skat, the port devel/acme is not the "Automated Certificate Management Environment" implementation, it's a cross-assembler.

Thanks cpm, I will try your recommendation as per comment #14.

Thank you for your continued work.
 