Security

Today, about a nearly two weeks after making some config changes for some Let’s Encrypt certs, today I saw new-to-me messages: In this post: FreeBSD 15.0 acme.sh-3.1.3_1 Looking up that URL, I found: Let’s see: root@certs:/var/db/acme/certs # host acme-v02.api.acmeencrypt.org Host acme-v02.api.acmeencrypt.org not found: 3(NXDOMAIN) root@certs:/var/db/acme/certs # Oh. I posted on Mastodon before proceeding. First things first. Priority matters. Then I went into /var/db/acme/certs/r720-02-pg01.example.org/r720-02-pg01.example.org.conf and made this change: In short, acmeencrypt became letsencrypt. I […]

For a few days now, the cronjob which runs acme.sh to renew my Let’s Encrypt certificates was tossing out errors for the same two certs. Today, I went looking in the logs. In this post: FreeBSD 15.0 acme.sh-3.1.3_1 hostnames have been altered to obscure those actually in use – the real reason I do this is to trigger the security by obscurity zealots The cronjob My cronjob looks like this: The logs The

Today, while mucking about with a new cronjob and log file for acme.sh, I stumbled across these error messages: Why was I stumbling around? This email arrived after the daily cert renewal: Three skips. Three error messages. Let’s look at that file: [18:37 certs dan ~] % sudo ls -l /var/db/acme/certs.int.unixathome.org.key -rw-r—– 1 root acme 116 Oct 6 20:21 /var/db/acme/certs.int.unixathome.org.key That should be readable. I checked some ZFS snapshots from earlier this week.