nsupdate

Use of K* file pairs for HMAC is deprecated – acme.sh

On Wednesday Oct 6th, I was greeted by these log messages: This is the output from the cronjob run by the acme user in my jail called certs. This is the daily run to renew any certificates which are soon to expire. This is the job in question: [19:36 certs dan ~] % sudo crontab […]

Use of K* file pairs for HMAC is deprecated – acme.sh Read More »

nsupdate – update failed: REFUSED

A while back, the https://www.freebsddiary.org/topics.php#opteron – the colo facility was purchased and the new owners are not interested in donating services to open source projects. That host also acted as a DNS host for all my domain. I pressed a small VPS into service. It handled the query services fine, but updates were sluggish. It

nsupdate – update failed: REFUSED Read More »

Adding IPv6 to an Nginx website on FreeBSD / FreshPorts

FreshPorts recently moved to an IPv6-capable server but until today, that capability has not been utilized. There were a number of things I had to configure, but this will not necessarily be an exhaustive list for you to follow. Some steps might be missing, and it might not apply to your situation. All of this

Adding IPv6 to an Nginx website on FreeBSD / FreshPorts Read More »

acme.sh: getting free SSL certificates – installation configuration on FreeBSD

This blog post describes my Let’s Encrypt solution which uses acme.sh and dns-01 challenges to obtain SSL certificates. If you are using HTTP challenges, this post might still be useful, but your configuration will differ slightly. Let’s Encrypt is a certificate authority which has become wildly popular since it was launched in April 2016 (just

acme.sh: getting free SSL certificates – installation configuration on FreeBSD Read More »

Configuring my BIND/named DNS servers to operate from a hidden master via VPN for Let’s Encrypt

What is a hidden DNS master? If you need to ask that, this is not the blog post for you. This post assumes you already know how to configure DNS and just want ideas for your own hidden master. It also assumes the networking, VPN, and firewall are pre-configured for this. This blog post is

Configuring my BIND/named DNS servers to operate from a hidden master via VPN for Let’s Encrypt Read More »

Creating a TXT only nsupdate connection for Let’s Encrypt

I’m in the process of designing my own centralized Let’s Encrypt solution. It was Peter Wemm’s blog post about Let’s Encrypt in the FreeBSD cluster which got me started down this road. My rough notes are this this gist. This blog post assumes you are already familiar with Let’s Encrypt and especially with the dns-01

Creating a TXT only nsupdate connection for Let’s Encrypt Read More »

Scroll to Top