Letsencrypt & FreeBSD


#1

Hi.
Can't install letsencrypt…
My environment:
FreeBSD 9.3-RELEASE-p8
python2-2_3
python27-2.7.9_1

My actions:
pkg install python27 swig30 pcre libffi augeas
portsnap fetch
portsnap extract
cd /usr/ports/devel/py-setuptools
make install && make clean

ln -s /usr/local/bin/swig3.0 /usr/local/bin/swig
ln -s /usr/local/include/ffi.h /usr/include/ffi.h
ln -s /usr/local/include/ffitarget.h /usr/include/ffitarget.h

cd /letsencrypt-nginx
/usr/local/bin/python2 setup.py build OK

/usr/local/bin/python2 setup.py install

Installed /usr/local/lib/python2.7/site-packages/pyparsing-2.0.3-py2.7.egg
Searching for letsencrypt
Reading https://pypi.python.org/simple/letsencrypt/
Couldn’t find index page for ‘letsencrypt’ (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
No local packages or download links found for letsencrypt
error: Could not find suitable distribution for Requirement.parse(‘letsencrypt’)

Has anyone overcome the letsencrypt installation on FreeBSD?
Any ideas?


#2

Try ./letsencrypt-auto ?


#3

./letsencrypt-auto ??? What is that?

bash: letsencrypt-auto: not found.

Now, without any extra words.
from https://pypi.python.org/simple/letsencrypt
letsencrypt-0.0.0.dev20151030.tar.gz


/usr/local/bin/python2 setup.py install

Using /usr/local/lib/python2.7/site-packages/ConfigArgParse-0.9.3-py2.7.egg
Finished processing dependencies for letsencrypt==0.0.0.dev20151030

letsencrypt -d mydomain.com auth

File “/usr/local/lib/python2.7/site-packages/cryptography-1.1-py2.7-freebsd-9.3-RELEASE-p10-amd64.egg/cryptography/hazmat/bindings/openssl/binding.py”, line 13, in
from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /usr/local/lib/python2.7/site-packages/cryptography-1.1-py2.7-freebsd-9.3-RELEASE-p10-amd64.egg/cryptography/hazmat/bindings/_openssl.so:
Undefined symbol “CRYPTO_malloc_debug_init”

letsencrypt run returns a similar result.


/examples]# sh generate-csr.sh mydomain.com
Generating a 2048 bit RSA private key
…+++
…+++
writing new private key to ‘key.pem’

You can now run: letsencrypt auth --csr csr.der
/examples]# letsencrypt auth --csr csr.der

ImportError: /usr/local/lib/python2.7/site-packages/cryptography-1.1-py2.7-freebsd-9.3-RELEASE-p10-amd64.egg/cryptography/hazmat/bindings/_openssl.so: Undefined symbol “CRYPTO_malloc_debug_init”

Looks like letsencrypt does not work on FreeBSD…


#4

And I can’t do it.

% …/…/letsencrypt/letsencrypt-auto --csr csr.der
Bootstrapping dependencies for FreeBSD…

  • pkg install -Ay augeas libffi
    Updating FreeBSD repository catalogue…
    Fetching meta.txz: 100% 940 B 0.9kB/s 00:01
    Processing entries: 100%
    FreeBSD repository update completed. 24675 packages processed.
    Updating database digests format: 100%
    Processing entries: 100%
    FreeBSD repository update completed. 24675 packages processed.
    Updating database digests format: 100%
    New version of pkg detected; it needs to be installed first.
    The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pkg: 1.6.1_1 -> 1.6.1_2

The process will require 66 B more space.
2 MiB to be downloaded.
Fetching pkg-1.6.1_2.txz: 100% 2 MiB 360.7kB/s 00:07
Checking integrity… done (0 conflicting)
[1/1] Upgrading pkg from 1.6.1_1 to 1.6.1_2…
[1/1] Extracting pkg-1.6.1_2: 100%
Message from pkg-1.6.1_2:
If you are upgrading from the old package format, first run:

pkg2ng

Updating FreeBSD repository catalogue…
FreeBSD repository is up-to-date.
All repositories are up-to-date.
Checking integrity… done (0 conflicting)
The most recent version of packages are already installed
Creating virtual environment…
Updating letsencrypt and virtual environment dependencies…You are using pip version 7.1.0, however version 7.1.2 is available.
You should consider upgrading via the ‘pip install --upgrade pip’ command.
.You are using pip version 7.1.0, however version 7.1.2 is available.
You should consider upgrading via the ‘pip install --upgrade pip’ command.

Running with virtualenv: sudo /home/ghw/.local/share/letsencrypt/bin/letsencrypt --csr csr.der
Traceback (most recent call last):
File “/home/ghw/.local/share/letsencrypt/bin/letsencrypt”, line 7, in
from letsencrypt.cli import main
File “/home/ghw/.local/share/letsencrypt/lib/python2.7/site-packages/letsencrypt/cli.py”, line 15, in
import OpenSSL
File “/home/ghw/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/init.py”, line 8, in
from OpenSSL import rand, crypto, SSL
File “/home/ghw/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/rand.py”, line 11, in
from OpenSSL._util import (
File “/home/ghw/.local/share/letsencrypt/lib/python2.7/site-packages/OpenSSL/_util.py”, line 6, in
from cryptography.hazmat.bindings.openssl.binding import Binding
File “/home/ghw/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py”, line 13, in
from cryptography.hazmat.bindings._openssl import ffi, lib
ImportError: /home/ghw/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: Undefined symbol “CMS_decrypt”


#5

Another way, following http://letsencrypt.readthedocs.org/en/stable/


./letsencrypt-auto

 File "/root/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/openssl/binding.py", line 13, in <module>
from cryptography.hazmat.bindings._openssl import ffi, lib

ImportError: /root/.local/share/letsencrypt/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so: Undefined symbol “CRYPTO_malloc_debug_init”


Any ideas?


#6

It seems to work correctly on my FreeBSD 10.2

[ghw@digitalocean.pts/0] ~/letsencrypt % ./letsencrypt-auto --agree-dev-preview --authenticator standalone --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email webmaster@gehaowu.com -d gehaowu.com -d www.gehaowu.com auth
Updating letsencrypt and virtual environment dependencies…
Running with virtualenv: sudo /home/ghw/.local/share/letsencrypt/bin/letsencrypt --agree-dev-preview --authenticator standalone --server https://acme-v01.api.letsencrypt.org/directory --rsa-key-size 4096 --email webmaster@gehaowu.com -d gehaowu.com -d www.gehaowu.com auth
An unexpected error occurred.
Error: serverInternal :: The server experienced an internal error :: Error creating new authz
Please see the logfiles in /var/log/letsencrypt for more details.
[ghw@digitalocean.pts/0] ~/letsencrypt % uname -a
FreeBSD digitalocean.gehaowu.com 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
[ghw@digitalocean.pts/0] ~/letsencrypt %


#7

I have it working under 10.2 in a jail. I would build OpenSSL from ports, as the OpenSSL version on 9.x is the older .9xx version. Make sure that you have sslv2 and sslv3 enabled when building OpenSSL, or you will get a similar error regarding sslv2.

I installed by cloning the github repo and running ./letsencrypt-auto --debug
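Added example, not part of any post in this thread: a small diagnostic that loads a libcrypto and reports whether it exports the two symbols named in the tracebacks above (`CRYPTO_malloc_debug_init`, `CMS_decrypt`), next to the OpenSSL version Python's own `ssl` module was linked against. The function names and the optional path argument are choices made for this example.

```python
import ctypes
import ctypes.util
import ssl
import sys

# Symbols the tracebacks in this thread report as undefined.
THREAD_SYMBOLS = ("CRYPTO_malloc_debug_init", "CMS_decrypt")


def missing_symbols(lib, names):
    """Return the names that the loaded shared library does not export."""
    missing = []
    for name in names:
        try:
            getattr(lib, name)  # ctypes looks the name up with dlsym()
        except AttributeError:
            missing.append(name)
    return missing


def load_libcrypto(path=None):
    """Load libcrypto from an explicit path, or the one the system finds."""
    path = path or ctypes.util.find_library("crypto")
    if path is None:
        return None, None
    try:
        return path, ctypes.CDLL(path)
    except OSError:
        return path, None


def report(path=None):
    """Summarise which libcrypto was checked and which symbols it lacks."""
    found, lib = load_libcrypto(path)
    result = {
        "python_ssl_linked_against": ssl.OPENSSL_VERSION,
        "libcrypto": found,
        "missing": None,  # stays None when the library could not be loaded
    }
    if lib is not None:
        result["missing"] = missing_symbols(lib, THREAD_SYMBOLS)
    return result


if __name__ == "__main__":
    # Optional argument: path of a specific libcrypto to check, for example
    # the base-system copy versus the one installed from ports.
    print(report(sys.argv[1] if len(sys.argv) > 1 else None))
```

The library that `find_library` returns is not necessarily the one the dynamic linker resolves for `_openssl.so`, so pass the path of each installed libcrypto in turn and compare the results.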


#8

There’s a package available, https://www.freshports.org/security/py-letsencrypt

I’m using it on 10.1. Just run:

pkg install py27-letsencrypt

It’s being installed to /usr/local/bin/letsencrypt