search for: dehydration

Am 10.01.19 um 14:09 schrieb Rowland Penny via samba: > You don't ;-) > You do what the script should have done (I feel version 0.8.10 will > soon make an appearance), export the cache to use <export > KRB5CCNAME="/tmp/dhcp-dyndns.cc"> and then use '$KRB5CCNAME' wherever > '/tmp/dhcp-dyndns.cc' appears, except for: > [...] Yes, that worked.

Hai, Thank you for sharing this very apriciated. If i may, a few small suggestion, to make is little bit better to read/understand. In this line: samba-tool domain exportkeytab --principal=dehydrated-service at YOUR.DOMAIN /home/dehydrated/etc/dehydrated-service.keytab @YOUR.DOMAIN could you change this to : @YOUR.REALM Because of this. ( per example ) DNS domain =

On Mon, 14 Jan 2019 10:49:43 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Hai, > > Thank you for sharing this very apriciated. > > If i may, a few small suggestion, to make is little bit better to > read/understand. > > In this line: > samba-tool domain exportkeytab > --principal=dehydrated-service at YOUR.DOMAIN

(@Rowland) > Whilst it is quite correct to say that the REALM isn't the same as a > DNS domain, there is a correlation between them. The REALM must be the > DNS domain in uppercase, so this: > > SAMBA_PRINCIPAL=dehydrated-service at YOUR.DOMAIN No, you can have your.primayDNSdomain.tld and have REALM = SOMEREALM.TLD Its not obligated to have REALM the same as the DnsDomain.

Hai Rowland, > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: maandag 14 januari 2019 12:48 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] dehydrated hook for LetsEncrypt certs > and samba dns (was: samba-tool auth in scripts) > > On Mon, 14 Jan 2019 12:13:19 +0100 >

Just to clarify, your hook allows dehydrated to lookup DNS to an internal Samba (or Bind_DLZ) server for DNS-01 verification in certificate generation? Kris Lou klou at themusiclink.net On Tue, Jan 15, 2019 at 2:13 AM Jakob Lenfers via samba < samba at lists.samba.org> wrote: > Am 14.01.19 um 11:29 schrieb Rowland Penny via samba: > > > Whilst it is quite correct to say that

So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate. I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November. After some moments of confusion I noticed that dovecot had been running since before the renewal, so I did a quick service dovecot restart which fixed everything. Should dovecot

yacinechaouche at yahoo.com writes: > Interesting. Is there any particular benefit in having only one file > for both certificate and private key ? I find that putting private key > in a separate file feels more secure. It's convenient to have key and cert in one place if you don't need the certificate to be publically readable. Keeping it in separate files would add slightly

If you're using acme.sh: acme.sh --installcert -d imap.example.com \ ? --keypath /etc/pki/dovecot/private/imap.example.com.pem \ ? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ ? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ ? --reloadcmd??????????? "systemctl reload dovecot.service" HTH, Bill On 9/8/2017 9:56 AM, Darac Marjal wrote: >

Am 14.01.19 um 11:29 schrieb Rowland Penny via samba: > Whilst it is quite correct to say that the REALM isn't the same as a > DNS domain, there is a correlation between them. The REALM must be the > DNS domain in uppercase, so this: > [...] I'll let you discuss this with Louis, I'm barely following anymore and try to add everything when you're done ;) > If you do

Am 09.01.19 um 14:01 schrieb Rowland Penny via samba: > Try reading this: > > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9 > > It's for DHCP updating dns records, but it uses a dedicated user and > kerberos, so it should help you. Thats exactly what I wanted, thanks. Just a little problem, "samba-tool [...] -k yes" after

> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: maandag 14 januari 2019 13:21 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] dehydrated hook for LetsEncrypt certs > and samba dns (was: samba-tool auth in scripts) > > On Mon, 14 Jan 2019 13:03:42 +0100 > "L.P.H.

Hi, I created a script to add DNS entries with samba-tool (for LetsEncrypt, as a dehydrated hook.) Works fine, but I have the password for the dedicated user to do that in the script in the clear. I think I read somewhere something about doing it with kerberos, but I never used kerberos and don't know where to start. Is there any good way to be doing this? Thanks, Jakob

On Fri, Sep 08, 2017 at 06:47:25AM -0600, @lbutlr wrote: >So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate. > >I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November. > >After some moments of confusion I noticed that dovecot had been running since before the renewal, so I

Hello, does local_name in TLS SNI context support regex? for example: local_name example-(foo|bar).com { ssl_cert = </var/lib/dehydrated/certs/example.com/fullchain.pem ssl_key = </var/lib/dehydrated/certs/example.com/privkey.pem } Best regards

Hey. Thanks again for your help. I took the "dovecot -n" while the StartSSL Certificate was active, so the chain.pem was correct. Finally I found the issue! :-) But I still have no idea why the problem happens with Thunderbird. I used dehydrated to fetch the certificates from Let's Encrypt and as I said, it works for most clients pretty well. (Tried: Mulberry, Claws Mail, Outlook

On 02/18/2017 10:24 PM, Robert L Mathews wrote: > On 2/17/17 1:38 PM, chaouche yacine wrote: > >> Seems wrong to me too, Robert. If you put your private key inside >> your certificate, won't it be sent to the client along with it ? > > No; any SSL software that uses the file will extract the parts it needs > from it and convert them to its internal format for future

> On Feb 20, 2017, at 4:01 PM, Joseph Tam <jtam.home at gmail.com> wrote: > > yacinechaouche at yahoo.com writes: > >> Interesting. Is there any particular benefit in having only one file >> for both certificate and private key ? I find that putting private key >> in a separate file feels more secure. > > It's convenient to have key and cert in one

> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: donderdag 10 januari 2019 14:09 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] samba-tool auth in scripts > > On Thu, 10 Jan 2019 11:42:46 +0100 > Jakob Lenfers <lenfers at bigsss-bremen.de> wrote: > > > Am

> That's one of the reasons I don't like Let's Encrypt, with one year certs it is easier to look at the certs and see what is going to expire in the coming month needing a new private key. I use dehydrated (with Cloudflare DNS challenges) and as far as I know, it seems to generate a new private key every time. All newly generated certs are generated with the timestamp in the