Re: chromebook
Boot the machine with the correct arch NetBSD image. When it boots, pick your keyboard layout and drop to console. Check #dmesg Then check #pcictl pci0 list for a hardware list and see if everything is supported. Alternative, wait and see if someone else is using on of those. Den ons 23 okt. 2019 07:40황병희 skrev: > hi i am new to netbsd forum. i have very ole chromebook, samsung series > 5, codename is alex. there is people using chromebook with netbsd? i > just curios,,, > > Sincerely, > > -- > ^고맙습니다 _地平天成_ 감사합니다_^))// >
chromebook
hi i am new to netbsd forum. i have very ole chromebook, samsung series 5, codename is alex. there is people using chromebook with netbsd? i just curios,,, Sincerely, -- ^고맙습니다 _地平天成_ 감사합니다_^))//
Re: Letsencrypt certificates
> pkgsrc Masters, what's the story? Because the package is used by other packages. https://www.netbsd.org/docs/pkgsrc/creating.html#creating.python-module Another reason is pkgsrc builder can choose to use different python version so potentially (for some packages) could have the software installed multiple times for different pythons. But I do prefer in this case to just have package called "certbot" available.
Re: Letsencrypt certificates
Greetings, I run multiple web servers on several distinct machines in each of four different domains, which makes the Letsencrypt proposition very attractive. After trying Certbot without much success, I lit upon acme.sh, which offers the possiblity of authentication using nsupdate(1). However the process fails, and the relevant error messages says: Error add txt for domain:_acme-challenge.prd.co.uk It is not clear if you already have working DNSSEC key to use with nsupdate or not. I assume you have one. Try to use environment variables export NSUPDATE_SERVER=ns3.prd.co.uk export NSUPDATE_KEY=key.private before running acme.sh. Script will take them for updating zone. To check this you can issue: # nsupdate -k key.private > server > > update add foo.bar.prd.co.uk 3600 in cname prd.co.uk > > update delete foo.bar.prd.co.uk > Do not forget additional after each "update". I note that the man page for nsupdate(1) says: To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server. nsupdate does not read /etc/named.conf. I am trying to work out whether that means that the keyfile contents must be manually added to the zone file, because in named.conf I have an include line for update.key which contains the path to that key, so it should be there already. It may not. It is possible to store key in named.conf for named and have it in file to use with nsupdate. I note that on the acme.sh site there is a long list of *nix-style OSs on which success has been reported, but not NetBSD. I use it on lot of NetBSD servers (7 and 8) for long in production. I even told them, but they do not add NetBSD in supported platform. -- Dima Veselov Physics R Establishment of Saint-Petersburg University
Re: Letsencrypt certificates
Steve Blinkhorn wrote in <20191022172649.d5d52b36...@viking.prd.co.uk>: |Isn't it a strange idea to have packages named first for the language |they're written in and only second by a name that suggests their |function? Is Python a cult, I begin to wonder, forcing people to read |through lists of unwanted names in the hope of finding what they want. |Come back, L. Ron Hubbard, all is forgiven. | |Thanks, may give it a try if current approach fails. I use dehydrated from the very start (when it was named let's encrypt still). It just works ever since, with two short interrupts, because i use an old version which is <40KB. One patch to update to the new protocol that came in a few years back, and one bugfix related to HTTP/2 usage of curl (which then uses lowercase HTTP headers). It only needs bash, openssl, and curl. If you want the version i use, just send a mail. --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
Re: Letsencrypt certificates
Steve Blinkhorn wrote: > I run multiple web servers on several distinct machines in each of four > different domains, which makes the Letsencrypt proposition very > attractive. After trying Certbot without much success, I lit upon > acme.sh, which offers the possiblity of authentication using > nsupdate(1). FWIW, certbot from pkgsrc works for me (py27-certbot-0.27.0 on NetBSD 7.2). -- Andreas Gustafsson, g...@gson.org
Re: Letsencrypt certificates
I realize I didn't answer your question. You shouldn't need to do all SIG(0) style with KEY record. Ignore that. Use the "key" in named.conf with allow-update or update-policy.
Re: Letsencrypt certificates
> I am trying to work out whether that means that the keyfile > contents must be manually added to the zone file, because in > named.conf I have an include line for update.key which contains the > path to that key, so it should be there already. Do you also have your zone configured to allow updates (with allow-update or update-policy)? Make sure you can use nsupdate manually at the command line to update the zone without using acme.sh first.
Letsencrypt certificates
I run multiple web servers on several distinct machines in each of four different domains, which makes the Letsencrypt proposition very attractive. After trying Certbot without much success, I lit upon acme.sh, which offers the possiblity of authentication using nsupdate(1). However the process fails, and the relevant error messages says: Error add txt for domain:_acme-challenge.prd.co.uk I note that the man page for nsupdate(1) says: To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server. nsupdate does not read /etc/named.conf. I am trying to work out whether that means that the keyfile contents must be manually added to the zone file, because in named.conf I have an include line for update.key which contains the path to that key, so it should be there already. I note that on the acme.sh site there is a long list of *nix-style OSs on which success has been reported, but not NetBSD. -- Steve Blinkhorn