Re: Hosting distfiles on HTTPS w/Let's Encrypt - how? [somehow solved]

On Mon, 5 Jun 2017, Matthew D. Fuller wrote: > On Sun, Jun 04, 2017 at 09:48:02PM + I heard the voice of > Marcin Cieslak, and lo! it spake thus: > > > > My temporary solution to this problem is to pin the CA certificate > > in the port itself: > > Err... > > > -FETCH_ENV=

Re: Hosting distfiles on HTTPS w/Let's Encrypt - how? [somehow solved]

On Sun, Jun 04, 2017 at 09:48:02PM + I heard the voice of Marcin Cieslak, and lo! it spake thus: > > My temporary solution to this problem is to pin the CA certificate > in the port itself: Err... > -FETCH_ENV= HTTP_AUTH=basic:*:I\ accept\ www.opensource.org/licenses/cpl:. >

Re: Hosting distfiles on HTTPS w/Let's Encrypt - how? [somehow solved]

On Thu, 1 Jun 2017, Marcin Cieslak wrote: > => Attempting to fetch > https://distfile.net/local-ports-distfiles/INIT.2014-12-24.tgz > Certificate verification failed for /C=US/O=Let's Encrypt/CN=Let's Encrypt > Authority X3 > 34374329736:error:14090086:SSL >

Re: Hosting distfiles on HTTPS w/Let's Encrypt - how?

On Thu, 1 Jun 2017, Adam Weinberger wrote: > I've tried fetching a distfile from my own server (which uses a Let's Encrypt > cert) and it fetches fine in a poudriere jail. I'm suspecting that there's > something unusual in your web server's SSL configuration, or in how you're > generating your

Re: Hosting distfiles on HTTPS w/Let's Encrypt - how?

> On 1 Jun, 2017, at 21:15, Jov wrote: > > what's your /etc/ssl/cert.pem? > mine is: > ls -l /etc/ssl/cert.pem > lrwxr-xr-x 1 root wheel 38 4月 29 09:15 /etc/ssl/cert.pem@ -> > /usr/local/share/certs/ca-root-nss.crt > > you can use this command to get more ssl connection

Re: Hosting distfiles on HTTPS w/Let's Encrypt - how?

what's your /etc/ssl/cert.pem? mine is: ls -l /etc/ssl/cert.pem lrwxr-xr-x 1 root wheel 38 4月 29 09:15 /etc/ssl/cert.pem@ -> /usr/local/share/certs/ca-root-nss.crt you can use this command to get more ssl connection info: openssl s_client -connect :443 Jov blog: http:amutu.com/blog

Re: Hosting distfiles on HTTPS w/Let's Encrypt - how?

On Thu, 1 Jun 2017, Freddie Cash wrote: > In your web server configuration, are you using the Let's Encrypt cert.pem > or fullchain.pem? fullchain.pem > If you use the former, then any client that doesn't have the DST Root CA > pre-installed will error out. The latest versions of browsers will

Re: Hosting distfiles on HTTPS w/Let's Encrypt - how?

On Jun 1, 2017 4:06 PM, "Marcin Cieslak" wrote: On Thu, 1 Jun 2017, Jov wrote: > can you dowload the file distfiles/INIT.2014-12-24.tgz > using > browser such as chrome？ Yes, Firefox, IE11, no certificate

Re: Hosting distfiles on HTTPS w/Let's Encrypt - how?

can you dowload the file distfiles/INIT.2014-12-24.tgz using browser such as chrome？ be sure to use full chain cert file，I rember I had similar problem and use full chain cert fixed. 2017年6月1日 8:01 AM，"Marcin Cieslak"

Hosting distfiles on HTTPS w/Let's Encrypt - how?

Hello, I have posted my port's local distfiles to a machine that is serving them with SSL behind the Let's Encrypt certificate (https://distfile.net). This is SSL-only. However, poudriere fails on certificate check when trying to fetch it: ===