2017

Introducing anvil – Tools for distributing ssl certificates

I’m in the end-stages of finishing off my centralized Let’s Encrypt solution and I’ve released my code as an open source project named anvil. I’ve also created a FreeBSD port. In this post, I outline the anvil tools and how I use them. In future posts, I will detail the individual components, some of which have already appeared in my blog. Why centralized: After reading about the FreeBSD cluster’s use of Let’s Encrypt, […]


When mv can’t mv – Let’s Encrypt

Last night I uploaded my collect-certs code to GitHub. Today, I discovered a problem with invoking mv on multiple files. The code in question is around lines 40-42 and I’m including some of my debugging code here: When I run this script, I see this output: Of note, that’s two errors: one from mv and the second from rmdir. Now, if I manually run that command: /bin/mv -f /var/db/certs-for-rsync/tmp/example.com/* /var/db/certs-for-rsync/certs/example.com … it works.


acme.sh: getting free SSL certificates – installation configuration on FreeBSD

This blog post describes my Let’s Encrypt solution which uses acme.sh and dns-01 challenges to obtain SSL certificates. If you are using HTTP challenges, this post might still be useful, but your configuration will differ slightly. Let’s Encrypt is a certificate authority which has become wildly popular since it was launched in April 2016 (just a short 14 months ago). Why so popular? It provides a secure way to offer free SSL certificates.


Configuring my BIND/named DNS servers to operate from a hidden master via VPN for Let’s Encrypt

What is a hidden DNS master? If you need to ask that, this is not the blog post for you. This post assumes you already know how to configure DNS and just want ideas for your own hidden master. It also assumes the networking, VPN, and firewall are pre-configured for this. This blog post is mostly about named/BIND. For the record, I am using bind99-9.9.10P1. In my previous blog post, you’ll see how


Creating a TXT only nsupdate connection for Let’s Encrypt

I’m in the process of designing my own centralized Let’s Encrypt solution. It was Peter Wemm’s blog post about Let’s Encrypt in the FreeBSD cluster which got me started down this road. My rough notes are in this gist. This blog post assumes you are already familiar with Let’s Encrypt and especially with the dns-01 challenge. This previous post might also be useful. In this post, I’ll show you how to generate a


My first big Tarsnap backup

NOTE: I wrote this post nearly two years ago, in May 2015. It has been sitting ignored and unloved in my Drafts. I’ve just published it today. I’m big on backups and I use Bacula. I have about 18 TB on about 350 tapes and about 10 TB of backups on disk. I want more. I last used Tarsnap back in July 2010 (I know that because I found the old Tarsnap registration


Accessing your Time Capsule when on a different subnet

Last night, when I got my FreeBSD & ZFS based Time Capsule running, I had to connect my laptop to the same network as the server in question. This is not ideal. My usual work flow: connect to the WIFI, then connect to the VPN, then I get access to those services. These are different subnets, so the Netatalk broadcast does not traverse the switch. It stays inside so my laptop does not


Creating an Apple Time Capsule using FreeBSD & ZFS

First, all credit goes to Mark Felder’s blog post upon which this is based. You can buy an Apple Time Capsule (I did) to back up your Mac. Now that I have two MacBooks, I have run out of space, so now I want to back up to ZFS. By backing up to my ZFS filesystem: I am no longer constrained to the capacity of a single disk; I can backup my backups to


x8dtu

NOTE: this post has been replaced by a newer version. The older post is still available. This is x8dtu (named after the Supermicro motherboard). This will be the new FreshPorts server. In short: FreeBSD 11 booting off a mirrored pair of zfsroot SSDs; 4.5TB of mirrored ZFS; 196612 MB of RAM (yeah, that’s 196GB of RAM); Supermicro X8DTU motherboard; Intel Xeon E5620 @ 2.40GHz (two of those, giving 16 CPUs). NOTE: this post


r610

I’ve been given a Dell PowerEdge R610. I’ve installed two 30GB SSDs and installed FreeBSD 11 on it. It will become a tape library server. EDIT: 2017.11.29 – the drives, network card, and SAS card have been moved to the R710. The swap: The zpools: Oh, well, that’s a problem. Let’s fix it: There. Fixed. Just. Like. That.™ The filesystems: And dmesg:

