I noticed some double timestamps in my logs recently. They started just after I upgraded the host to FreeBSD 12, but I am not convinced they are related. This is from /var/log/messsages: Jan 22 21:41:40 knew 1 2019-01-22T21:41:40.760533+00:00 knew.int.unixathome.org pkg 89351 – – py36-iocage-devel upgraded: 1.0.0.20181219,1 -> 1.0.0.20190122,1 They started late yesterday, this is from […]
Today I gave up on my attempt to allow relay via SSL certificate fingerprints. Instead, I will use sasl auth. Yesterday I wrote about my SMTP deliver test which broke when an SSL certificate was updated. Later that day, I finished writing scripts which delivered that fingerprint file to all hosts which needed it. Today, […]
Let’s Encrypt is an easy way to get free SSL certificates in an automated manner. You may never have to manually do another cert renewal again. Last night, I received this email: From: Cron Daemon To: dan@langille.org Subject: Cron /usr/local/bin/cert-puller Date: Fri, 23 Feb 2018 23:57:00 +0000 (UTC) /etc/rc.conf: 3: not found /etc/rc.conf: yr: not […]
In the past, I’ve written about using acme.sh to automatically generate SSL certificates and distribute them to the required locations. I do this in a single central location, and the websites and mail servers grab their new certs from a webserver. At the time of writing, I was using FreeBSD 11.1 and acme.sh 2.7.4, supplied […]
In general, passphrase-less ssh keys are a security nightmare. It is similar to leaving the key to your front door in the lock. Anyone stumbling across it has access to your house. Similarly, if someone gets your ssh key, and there is no passphrase on it, they can use that key for anything which grants […]
I have already described how I use acme.sh to obtain SSL certificates from Let’s Encrypt. Today, I’m going to show you how I use anvil to copy those certificates from the original location to another directory, which is then used for rsync by another jail. Throughout this blog post, it is assumed that the cert-shifter […]
It seems that when I decided to send a filesystem from one server to another, I neglected to establish sufficient space existed. This morning, before I headed to BSDCan, I found that my server was very sluggish and slow to respond. Nagios was flagging all kinds of errors, some of which I’d never seen before. […]