|
|
| (не показана 1 промежуточная версия этого же участника) |
| Строка 9: |
Строка 9: |
| Установка пакета (предварительная установка менеджера пакетов PKG не требуется, дополнительная информация о котором в статье [[PKG]]): | | Установка пакета (предварительная установка менеджера пакетов PKG не требуется, дополнительная информация о котором в статье [[PKG]]): |
| # pkg install py311-certbot-nginx | | # pkg install py311-certbot-nginx |
| Updating FreeBSD repository catalogue...
| | |
| FreeBSD repository is up to date.
| | Получение сертификата: |
| All repositories are up to date.
| | # certbot certonly --standalone -d mydomain.ru |
| The following 29 package(s) will be affected (of 0 checked):
| |
|
| |
| New packages to be INSTALLED:
| |
| gettext-runtime: 0.23.1
| |
| indexinfo: 0.3.1_1
| |
| libffi: 3.4.6
| |
| mpdecimal: 4.0.0
| |
| py311-acme: 3.1.0,1
| |
| py311-certbot: 3.1.0,1
| |
| py311-certbot-nginx: 3.1.0
| |
| py311-certifi: 2025.1.31
| |
| py311-cffi: 1.17.1
| |
| py311-charset-normalizer: 3.4.1_1
| |
| py311-configargparse: 1.5.3_1
| |
| py311-configobj: 5.0.9
| |
| py311-cryptography: 42.0.8_7,1
| |
| py311-distro: 1.9.0
| |
| py311-idna: 3.10
| |
| py311-josepy: 1.15.0
| |
| py311-openssl: 24.1.0_1,1
| |
| py311-parsedatetime: 2.6_1
| |
| py311-pycparser: 2.22
| |
| py311-pyparsing: 3.2.1
| |
| py311-pyrfc3339: 1.1_1
| |
| py311-pysocks: 1.7.1_1
| |
| py311-pytz: 2024.2_1,1
| |
| py311-requests: 2.32.3
| |
| py311-setuptools: 63.1.0_2
| |
| py311-six: 1.17.0
| |
| py311-urllib3: 1.26.20,1
| |
| python311: 3.11.11
| |
| readline: 8.2.13_2
| |
|
| |
| Number of packages to be installed: 29
| |
|
| |
| The process will require 241 MiB more space.
| |
| 33 MiB to be downloaded.
| |
|
| |
| Proceed with this action? [y/N]: y
| |
| [1/29] Fetching py311-urllib3-1.26.20,1.pkg: 100% 241 KiB 247.1kB/s 00:01
| |
| [2/29] Fetching indexinfo-0.3.1_1.pkg: 100% 6 KiB 6.0kB/s 00:01
| |
| [3/29] Fetching py311-pyparsing-3.2.1.pkg: 100% 218 KiB 223.7kB/s 00:01
| |
| [4/29] Fetching mpdecimal-4.0.0.pkg: 100% 156 KiB 159.5kB/s 00:01
| |
| [5/29] Fetching py311-cryptography-42.0.8_7,1.pkg: 100% 1 MiB 1.2MB/s 00:01
| |
| [6/29] Fetching py311-cffi-1.17.1.pkg: 100% 282 KiB 288.8kB/s 00:01
| |
| [7/29] Fetching py311-certifi-2025.1.31.pkg: 100% 161 KiB 164.8kB/s 00:01
| |
| [8/29] Fetching py311-distro-1.9.0.pkg: 100% 32 KiB 32.7kB/s 00:01
| |
| [9/29] Fetching py311-configargparse-1.5.3_1.pkg: 100% 37 KiB 37.7kB/s 00:01
| |
| [10/29] Fetching py311-configobj-5.0.9.pkg: 100% 69 KiB 70.6kB/s 00:01
| |
| [11/29] Fetching py311-certbot-nginx-3.1.0.pkg: 100% 182 KiB 186.7kB/s 00:01
| |
| [12/29] Fetching py311-pycparser-2.22.pkg: 100% 230 KiB 235.3kB/s 00:01
| |
| [13/29] Fetching py311-pytz-2024.2_1,1.pkg: 100% 173 KiB 177.5kB/s 00:01
| |
| [14/29] Fetching py311-pysocks-1.7.1_1.pkg: 100% 32 KiB 32.6kB/s 00:01
| |
| [15/29] Fetching py311-pyrfc3339-1.1_1.pkg: 100% 10 KiB 10.0kB/s 00:01
| |
| [16/29] Fetching py311-six-1.17.0.pkg: 100% 27 KiB 27.5kB/s 00:01
| |
| [17/29] Fetching py311-acme-3.1.0,1.pkg: 100% 184 KiB 188.6kB/s 00:01
| |
| [18/29] Fetching libffi-3.4.6.pkg: 100% 45 KiB 46.0kB/s 00:01
| |
| [19/29] Fetching readline-8.2.13_2.pkg: 100% 397 KiB 406.2kB/s 00:01
| |
| [20/29] Fetching py311-charset-normalizer-3.4.1_1.pkg: 100% 91 KiB 93.4kB/s 00:01
| |
| [21/29] Fetching py311-requests-2.32.3.pkg: 100% 120 KiB 122.4kB/s 00:01
| |
| [22/29] Fetching py311-certbot-3.1.0,1.pkg: 100% 905 KiB 926.4kB/s 00:01
| |
| [23/29] Fetching py311-parsedatetime-2.6_1.pkg: 100% 76 KiB 77.7kB/s 00:01
| |
| [24/29] Fetching gettext-runtime-0.23.1.pkg: 100% 230 KiB 235.7kB/s 00:01
| |
| [25/29] Fetching py311-openssl-24.1.0_1,1.pkg: 100% 107 KiB 109.3kB/s 00:01
| |
| [26/29] Fetching python311-3.11.11.pkg: 100% 27 MiB 4.7MB/s 00:06
| |
| [27/29] Fetching py311-josepy-1.15.0.pkg: 100% 65 KiB 66.3kB/s 00:01
| |
| [28/29] Fetching py311-setuptools-63.1.0_2.pkg: 100% 1 MiB 1.5MB/s 00:01
| |
| [29/29] Fetching py311-idna-3.10.pkg: 100% 104 KiB 106.6kB/s 00:01
| |
| Checking integrity... done (0 conflicting)
| |
| [1/29] Installing indexinfo-0.3.1_1...
| |
| [1/29] Extracting indexinfo-0.3.1_1: 100%
| |
| [2/29] Installing gettext-runtime-0.23.1...
| |
| [2/29] Extracting gettext-runtime-0.23.1: 100%
| |
| [3/29] Installing libffi-3.4.6...
| |
| [3/29] Extracting libffi-3.4.6: 100%
| |
| [4/29] Installing mpdecimal-4.0.0...
| |
| [4/29] Extracting mpdecimal-4.0.0: 100%
| |
| [5/29] Installing readline-8.2.13_2...
| |
| [5/29] Extracting readline-8.2.13_2: 100%
| |
| [6/29] Installing python311-3.11.11...
| |
| [6/29] Extracting python311-3.11.11: 100%
| |
| [7/29] Installing py311-certifi-2025.1.31...
| |
| [7/29] Extracting py311-certifi-2025.1.31: 100%
| |
| [8/29] Installing py311-charset-normalizer-3.4.1_1...
| |
| [8/29] Extracting py311-charset-normalizer-3.4.1_1: 100%
| |
| [9/29] Installing py311-configargparse-1.5.3_1...
| |
| [9/29] Extracting py311-configargparse-1.5.3_1: 100%
| |
| [10/29] Installing py311-distro-1.9.0...
| |
| [10/29] Extracting py311-distro-1.9.0: 100%
| |
| [11/29] Installing py311-idna-3.10...
| |
| [11/29] Extracting py311-idna-3.10: 100%
| |
| [12/29] Installing py311-parsedatetime-2.6_1...
| |
| [12/29] Extracting py311-parsedatetime-2.6_1: 100%
| |
| [13/29] Installing py311-pycparser-2.22...
| |
| [13/29] Extracting py311-pycparser-2.22: 100%
| |
| [14/29] Installing py311-cffi-1.17.1...
| |
| [14/29] Extracting py311-cffi-1.17.1: 100%
| |
| [15/29] Installing py311-cryptography-42.0.8_7,1...
| |
| [15/29] Extracting py311-cryptography-42.0.8_7,1: 100%
| |
| [16/29] Installing py311-openssl-24.1.0_1,1... | |
| [16/29] Extracting py311-openssl-24.1.0_1,1: 100%
| |
| [17/29] Installing py311-josepy-1.15.0...
| |
| [17/29] Extracting py311-josepy-1.15.0: 100%
| |
| [18/29] Installing py311-pyparsing-3.2.1...
| |
| [18/29] Extracting py311-pyparsing-3.2.1: 100%
| |
| [19/29] Installing py311-pysocks-1.7.1_1...
| |
| [19/29] Extracting py311-pysocks-1.7.1_1: 100%
| |
| [20/29] Installing py311-pytz-2024.2_1,1...
| |
| [20/29] Extracting py311-pytz-2024.2_1,1: 100%
| |
| [21/29] Installing py311-pyrfc3339-1.1_1...
| |
| [21/29] Extracting py311-pyrfc3339-1.1_1: 100%
| |
| [22/29] Installing py311-setuptools-63.1.0_2...
| |
| [22/29] Extracting py311-setuptools-63.1.0_2: 100%
| |
| [23/29] Installing py311-six-1.17.0...
| |
| [23/29] Extracting py311-six-1.17.0: 100%
| |
| [24/29] Installing py311-configobj-5.0.9...
| |
| [24/29] Extracting py311-configobj-5.0.9: 100%
| |
| [25/29] Installing py311-urllib3-1.26.20,1...
| |
| [25/29] Extracting py311-urllib3-1.26.20,1: 100%
| |
| [26/29] Installing py311-requests-2.32.3...
| |
| [26/29] Extracting py311-requests-2.32.3: 100%
| |
| [27/29] Installing py311-acme-3.1.0,1...
| |
| [27/29] Extracting py311-acme-3.1.0,1: 100%
| |
| [28/29] Installing py311-certbot-3.1.0,1...
| |
| [28/29] Extracting py311-certbot-3.1.0,1: 100%
| |
| [29/29] Installing py311-certbot-nginx-3.1.0...
| |
| [29/29] Extracting py311-certbot-nginx-3.1.0: 100%
| |
| =====
| |
| Message from python311-3.11.11:
| |
|
| |
| --
| |
| Note that some standard Python modules are provided as separate ports
| |
| as they require additional dependencies. They are available as:
| |
|
| |
| py311-gdbm databases/py-gdbm@py311
| |
| py311-sqlite3 databases/py-sqlite3@py311
| |
| py311-tkinter x11-toolkits/py-tkinter@py311
| |
| =====
| |
| Message from py311-urllib3-1.26.20,1:
| |
|
| |
| --
| |
| Since version 1.25 HTTPS connections are now verified by default which is done
| |
| via "cert_reqs = 'CERT_REQUIRED'". While certificate verification can be
| |
| disabled via "cert_reqs = 'CERT_NONE'", it's highly recommended to leave it on.
| |
|
| |
| Various consumers of net/py-urllib3 already have implemented routines that
| |
| either explicitly enable or disable HTTPS certificate verification (e.g. via
| |
| configuration settings, CLI arguments, etc.).
| |
|
| |
| Yet it may happen that there are still some consumers which don't explicitly
| |
| enable/disable certificate verification for HTTPS connections which could then
| |
| lead to errors (as is often the case with self-signed certificates).
| |
|
| |
| In case of an error one should try first to temporarily disable certificate
| |
| verification of the problematic urllib3 consumer to see if that approach will
| |
| remedy the issue.
| |
| =====
| |
| Message from py311-certbot-3.1.0,1:
| |
|
| |
| --
| |
| This port installs the "standalone" client only, which does not use and
| |
| is not the certbot-auto bootstrap/wrapper script.
| |
|
| |
| The simplest form of usage to obtain certificates is:
| |
|
| |
| # sudo certbot certonly --standalone -d <domain>, [domain2, ... domainN]>
| |
|
| |
| NOTE:
| |
|
| |
| The client requires the ability to bind on TCP port 80 or 443 (depending
| |
| on the --preferred-challenges option used). If a server is running on that
| |
| port, it will need to be temporarily stopped so that the standalone server
| |
| can listen on that port to complete the challenge authentication process.
| |
|
| |
| For more information on the 'standalone' mode, see:
| |
|
| |
| https://certbot.eff.org/docs/using.html#standalone
| |
|
| |
| The certbot plugins to support apache and nginx certificate installation
| |
| will be made available in the following ports:
| |
|
| |
| * Apache plugin: security/py-certbot-apache
| |
| * Nginx plugin: security/py-certbot-nginx
| |
|
| |
| In order to automatically renew the certificates, add this line to
| |
| /etc/periodic.conf:
| |
|
| |
| weekly_certbot_enable="YES"
| |
|
| |
| Mo
| |
| re config details in the certbot periodic script:
| |
|
| |
| /usr/local/etc/periodic/weekly/500.certbot-3.11
| |
|
| |
|
| == Получение сертификата для сайта на Nginx == | | == Получение сертификата для сайта на Nginx == |
Установка security/py-certbot
Certbot — это инструмент для автоматического получения и установки сертификатов X.509 для включения TLS на серверах. Клиент будет взаимодействовать с центром сертификации Let's Encrypt, который будет выдавать бесплатные сертификаты, доверенные браузеру.
Установка security/py-certbot-nginx
Это plug-in для Nginx.
Установка пакета (предварительная установка менеджера пакетов PKG не требуется, дополнительная информация о котором в статье PKG):
# pkg install py311-certbot-nginx
Получение сертификата:
# certbot certonly --standalone -d mydomain.ru
Получение сертификата для сайта на Nginx
Получение сертификата:
# certbot --nginx -d site.mydomain.ru
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): ***@mail.ru
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: y
Account registered.
Requesting a certificate for site.mydomain.ru
Successfully received certificate.
Certificate is saved at: /usr/local/etc/letsencrypt/live/site.mydomain.ru/fullchain.pem
Key is saved at: /usr/local/etc/letsencrypt/live/site.mydomain.ru/privkey.pem
This certificate expires on 2025-07-27.
These files will be updated when the certificate renews.
Deploying certificate
Successfully deployed certificate for mailadmin.bsdhowto.ru to /usr/local/etc/nginx/site.mydomain.ru.conf
Congratulations! You have successfully enabled HTTPS on https://site.mydomain.ru
NEXT STEPS:
- The certificate will need to be renewed before it expires. Certbot can automatically renew the certificate in the background, but you may need to take steps to enable that
functionality. See https://certbot.org/renewal-setup for instructions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Включение автоматического обновления сертификатов
# echo 'weekly_certbot_enable="YES"' >> /etc/periodic.conf