Let's Encrypt tool for generating web server keys

The Let's Encrypt utility is a tool for automatically setting up security keys for domains the user controls. Basically, instead of buying a certificate or creating a self-signed one, the Let's Encrypt tool is supposed to handle setting up a secure domain, free of charge. More details here: https://letsencrypt.org/

The code for Let's Encrypt is available here: https://github.com/letsencrypt/lets-encrypt-preview

Right now Let's Encrypt is written for (and only runs on) Ubuntu. However, some work has been done to get the software running on FreeBSD. This post shows the steps and dependencies required to run Let's Encrypt on a FreeBSD 10 machine: https://github.com/letsencrypt/lets-encrypt-preview/issues/293

Hopefully more people will contribute and fix the remaining issues to make Let's Encrypt truly cross-platform.
 
Hi,

I can’t install letsencrypt.

My actions were:
Code:
# pkg install python27 swig30 pcre libffi augeas
# portsnap fetch
# portsnap extract
# cd /usr/ports/devel/py-setuptools  
# make install && make clean

# ln -s /usr/local/bin/swig3.0 /usr/local/bin/swig
# ln -s /usr/local/include/ffi.h /usr/include/ffi.h
# ln -s /usr/local/include/ffitarget.h /usr/include/ffitarget.h

# cd /letsencrypt-nginx
# /usr/local/bin/python2 setup.py build
   OK

# /usr/local/bin/python2 setup.py install
Installed /usr/local/lib/python2.7/site-packages/pyparsing-2.0.3-py2.7.egg
Searching for letsencrypt
Reading https://pypi.python.org/simple/letsencrypt/
Couldn't find index page for 'letsencrypt' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
No local packages or download links found for letsencrypt
error: Could not find suitable distribution for Requirement.parse('letsencrypt')
Any ideas?
 
Hi cpm,

I want to make a certificate on a virtual Linux machine, and then transfer the files to the fighting server, but the port is a better solution. Where can I download it?
 
I haven't started porting letsencrypt yet. I'll submit it when I get it finished ;)
 
I think the FreeBSD community will be grateful for your work. We are waiting for it!
But don't forget to write here on completion.
 
Well, it is too easy now (I used the method of your post 14)! https://letsencrypt.hukadan.org (fingerprint: EB:CA:09:54:37:F7:C4:EC:8B:87:57:44:5E:CC:B8:86:EE:FD:69:4F).

I am looking forward to having them added to the trusted CAs.

 
Hi, cpm

Got an installation error of the port:

Code:
letsencrypt-nginx]# make install
===>  Staging for letsencrypt-nginx-0.0.0.dev20151008
===>  letsencrypt-nginx-0.0.0.dev20151008 depends on file: /usr/local/sbin/nginx - found
Error a dependency refers to a non existing origin: /usr/ports/security/letsencrypt in RUN_DEPENDS
*** [run-depends] Error code 1

Stop in /root/letsencrypt/letsencrypt-nginx.

Code:
[/usr/ports]# make search name=letsencrypt
[/usr/ports]#
The ports tree was updated.

Can you help me?
 
Sorry for taking so long to reply, oleg_skat

Well, as you have seen, the port has not been committed into the ports tree yet because not all the work is done. So if you want to test it, please download the shar files from PR 203405 and install them as usual.

Give us some feedback!
 
Hey cpm,

I've downloaded shar-v3, extracted it and installed letsencrypt.

Running /usr/local/bin/letsencrypt -d HOSTNAME auth

I get:
Code:
Traceback (most recent call last):
  File "/usr/local/bin/letsencrypt", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3074, in <module>
    @_call_aside
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3060, in _call_aside
    f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3087, in _initialize_master_working_set
    working_set = WorkingSet._build_master()
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 647, in _build_master
    return cls._build_from_requirements(__requires__)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 660, in _build_from_requirements
    dists = ws.resolve(reqs, Environment())
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 833, in resolve
    raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'acme==0.0.0.dev20151017' distribution was not found and is required by letsencrypt
 
Would you like to write step-by-step instructions?
I can't do anything...

First, once you've downloaded the shar file, uncompress it by running sh filename.shar in the corresponding port category.

Finally, install the port as you usually do (e.g. using portmaster(8) or make install clean).
 
Well, it seems that something went wrong here. Try it using the previous shar file (shar-v2).

We need to investigate the current problem further.
 
Hi cpm,

It was done before, as you wrote. But I want to add some details:
Code:
sh shar-v3

$1/{} \; &&  /usr/bin/find -d $0 $2 -type f -exec chmod 444 $1/{} \;' -- . /ports/security/letsencrypt/letsencrypt2/letsencrypt/work/stage/usr/local/share/examples/letsencrypt)
====> Compressing man pages (compress-man)
===>  Installing for letsencrypt-0.0.0.dev20151017
===>  Checking if letsencrypt already installed
===>  Registering installation for letsencrypt-0.0.0.dev20151017
Installing letsencrypt-0.0.0.dev20151017...
---------------------------------------

# pkg info | grep letsencrypt
letsencrypt-0.0.0.dev20151008  ACME client that can update Apache/Nginx configurations
-----------------------------------------------------------
# /usr/local/bin/letsencrypt -d mydomain.com auth
Traceback (most recent call last):
  File "/usr/local/bin/letsencrypt", line 5, in <module>
  from pkg_resources import load_entry_point
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3074, in <module>
  @_call_aside
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3060, in _call_aside
  f(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 3087, in _initialize_master_working_set
  working_set = WorkingSet._build_master()
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 647, in _build_master
  return cls._build_from_requirements(__requires__)
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 660, in _build_from_requirements
  dists = ws.resolve(reqs, Environment())
  File "/usr/local/lib/python2.7/site-packages/pkg_resources/__init__.py", line 833, in resolve
  raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'acme==0.0.0.dev20151017' distribution was not found and is required by letsencrypt

It is the same as for Jimlad.

Code:
/usr/ports/devel/acme]# make install
===>  acme-091 is marked as broken: Does not fetch.
*** [install] Error code 1

Stop in /ports/devel/acme.

And

Code:
shar-v2

====> Compressing man pages (compress-man)
===>  Installing for letsencrypt-0.0.0.dev20151008
===>  Checking if letsencrypt already installed
===>  Registering installation for letsencrypt-0.0.0.dev20151008
Installing letsencrypt-0.0.0.dev20151008...


letsencrypt -d mydomain.com auth
..............
File "/usr/local/lib/python2.7/site-packages/cryptography-1.1-py2.7-freebsd-9.3-RELEASE-p10-amd64.egg/cryptography/hazmat/bindings/openssl/binding.py", line 13, in <module>
from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /usr/local/lib/python2.7/site-packages/cryptography-1.1-py2.7-freebsd-9.3-RELEASE-p10-amd64.egg/cryptography/hazmat/bindings/_openssl.so: Undefined symbol "CRYPTO_malloc_debug_init"

What do I have to do? Do I have to install py-acme from sources?
 
Just FYI oleg_skat, the port devel/acme is not the "Automated Certificate Management Environment" implementation, it's a cross-assembler.

Thanks cpm, I will try your recommendation as per comment #14.

Thank you for your continued work.
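
Added example, not part of any post in this thread and not code from the Let's Encrypt project or the FreeBSD port: the DistributionNotFound tracebacks above come from the launcher checking the pinned requirement acme==0.0.0.dev20151017 against what is installed. The code below runs the same kind of check with Python 3's importlib.metadata (the thread itself uses Python 2.7 pkg_resources) over a constructed site-packages directory; check_pins, build_constructed_site and demo are hypothetical names, and the acme 0.0.0.dev20151008 build in the second case is a constructed value.

```python
import re
import tempfile
from importlib import metadata
from pathlib import Path

# Matches "name", "name==version" or "name (==version)"; other specifiers are not checked.
PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*\(?\s*(?:==\s*([^\s,;)]+))?")

def norm(name):
    """Normalise a project name so 'Py_Foo' and 'py-foo' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def check_pins(dist_name, search_path):
    """Return (requirement, pinned, installed, status) for each requirement of dist_name."""
    found = {norm(d.metadata["Name"]): d for d in metadata.distributions(path=search_path)}
    dist = found.get(norm(dist_name))
    if dist is None:
        return [(dist_name, None, None, "not-installed")]
    report = []
    for req in dist.requires or []:
        m = PIN.match(req.split(";", 1)[0])  # drop environment markers
        if not m:
            continue
        name, pinned = m.group(1), m.group(2)
        dep = found.get(norm(name))
        have = dep.version if dep else None
        # Plain string comparison: assumes both version strings are already normalised.
        status = "missing" if have is None else "mismatch" if pinned and have != pinned else "ok"
        report.append((name, pinned, have, status))
    return report

def build_constructed_site(root, dists):
    """Write minimal *.dist-info/METADATA files (constructed sample data)."""
    for name, version, requires in dists:
        info = Path(root) / f"{name}-{version}.dist-info"
        info.mkdir()
        lines = ["Metadata-Version: 2.1", f"Name: {name}", f"Version: {version}"]
        lines += [f"Requires-Dist: {r}" for r in requires]
        (info / "METADATA").write_text("\n".join(lines) + "\n")

def demo():
    """Case 1: pinned acme absent. Case 2: an older acme present. Both are constructed."""
    le = ("letsencrypt", "0.0.0.dev20151017", ["acme==0.0.0.dev20151017"])
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        build_constructed_site(a, [le])
        build_constructed_site(b, [le, ("acme", "0.0.0.dev20151008", [])])
        return check_pins("letsencrypt", [a]), check_pins("letsencrypt", [b])
```

On a real host, pass the interpreter's own site-packages directories as search_path to see which pinned requirement the launcher cannot satisfy.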
 