search for: dehydration

Displaying 20 results from an estimated 68 matches for "dehydration".

Did you mean: rehydration
2019 Jan 11
5
samba-tool auth in scripts
Am 10.01.19 um 14:09 schrieb Rowland Penny via samba: > You don't ;-) > You do what the script should have done (I feel version 0.8.10 will > soon make an appearance), export the cache to use <export > KRB5CCNAME="/tmp/dhcp-dyndns.cc"> and then use '$KRB5CCNAME' wherever > '/tmp/dhcp-dyndns.cc' appears, except for: > [...] Yes, that worked.
2019 Jan 14
0
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
Hai, Thank you for sharing this very apriciated. If i may, a few small suggestion, to make is little bit better to read/understand. In this line: samba-tool domain exportkeytab --principal=dehydrated-service at YOUR.DOMAIN /home/dehydrated/etc/dehydrated-service.keytab @YOUR.DOMAIN could you change this to : @YOUR.REALM Because of this. ( per example ) DNS domain =
2019 Jan 14
2
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
On Mon, 14 Jan 2019 10:49:43 +0100 "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote: > Hai, > > Thank you for sharing this very apriciated. > > If i may, a few small suggestion, to make is little bit better to > read/understand. > > In this line: > samba-tool domain exportkeytab > --principal=dehydrated-service at YOUR.DOMAIN
2019 Jan 14
4
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
(@Rowland) > Whilst it is quite correct to say that the REALM isn't the same as a > DNS domain, there is a correlation between them. The REALM must be the > DNS domain in uppercase, so this: > > SAMBA_PRINCIPAL=dehydrated-service at YOUR.DOMAIN No, you can have your.primayDNSdomain.tld and have REALM = SOMEREALM.TLD Its not obligated to have REALM the same as the DnsDomain.
2019 Jan 14
0
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
Hai Rowland, > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: maandag 14 januari 2019 12:48 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] dehydrated hook for LetsEncrypt certs > and samba dns (was: samba-tool auth in scripts) > > On Mon, 14 Jan 2019 12:13:19 +0100 >
2019 Jan 15
1
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
Just to clarify, your hook allows dehydrated to lookup DNS to an internal Samba (or Bind_DLZ) server for DNS-01 verification in certificate generation? Kris Lou klou at themusiclink.net On Tue, Jan 15, 2019 at 2:13 AM Jakob Lenfers via samba < samba at lists.samba.org> wrote: > Am 14.01.19 um 11:29 schrieb Rowland Penny via samba: > > > Whilst it is quite correct to say that
2017 Sep 08
5
Dovecot and Letsencrypt certs
So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate. I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November. After some moments of confusion I noticed that dovecot had been running since before the renewal, so I did a quick service dovecot restart which fixed everything. Should dovecot
2017 Feb 20
2
Problem with Let's Encrypt Certificate
yacinechaouche at yahoo.com writes: > Interesting. Is there any particular benefit in having only one file > for both certificate and private key ? I find that putting private key > in a separate file feels more secure. It's convenient to have key and cert in one place if you don't need the certificate to be publically readable. Keeping it in separate files would add slightly
2017 Sep 09
1
Dovecot and Letsencrypt certs
If you're using acme.sh: acme.sh --installcert -d imap.example.com \ ? --keypath /etc/pki/dovecot/private/imap.example.com.pem \ ? --certpath /etc/pki/dovecot/certs/imap.example.com.crt \ ? --fullchainpath /etc/pki/dovecot/certs/imap.example.com.full.chain.crt \ ? --reloadcmd??????????? "systemctl reload dovecot.service" HTH, Bill On 9/8/2017 9:56 AM, Darac Marjal wrote: >
2019 Jan 15
0
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
Am 14.01.19 um 11:29 schrieb Rowland Penny via samba: > Whilst it is quite correct to say that the REALM isn't the same as a > DNS domain, there is a correlation between them. The REALM must be the > DNS domain in uppercase, so this: > [...] I'll let you discuss this with Louis, I'm barely following anymore and try to add everything when you're done ;) > If you do
2019 Jan 10
4
samba-tool auth in scripts
Am 09.01.19 um 14:01 schrieb Rowland Penny via samba: > Try reading this: > > https://wiki.samba.org/index.php/Configure_DHCP_to_update_DNS_records_with_BIND9 > > It's for DHCP updating dns records, but it uses a dedicated user and > kerberos, so it should help you. Thats exactly what I wanted, thanks. Just a little problem, "samba-tool [...] -k yes" after
2019 Jan 14
1
dehydrated hook for LetsEncrypt certs and samba dns (was: samba-tool auth in scripts)
> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: maandag 14 januari 2019 13:21 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] dehydrated hook for LetsEncrypt certs > and samba dns (was: samba-tool auth in scripts) > > On Mon, 14 Jan 2019 13:03:42 +0100 > "L.P.H.
2019 Jan 09
3
samba-tool auth in scripts
Hi, I created a script to add DNS entries with samba-tool (for LetsEncrypt, as a dehydrated hook.) Works fine, but I have the password for the dedicated user to do that in the script in the clear. I think I read somewhere something about doing it with kerberos, but I never used kerberos and don't know where to start. Is there any good way to be doing this? Thanks, Jakob
2017 Sep 08
0
Dovecot and Letsencrypt certs
On Fri, Sep 08, 2017 at 06:47:25AM -0600, @lbutlr wrote: >So this morning at 4am I was awoken to my mail clients getting certificate errors for an expired certificate. > >I hopped on to the server and checked and? no, the LE certs renewed last month and are valid until November. > >After some moments of confusion I noticed that dovecot had been running since before the renewal, so I
2019 Jul 05
1
Dovecot local_name TLS SNI regex
Hello, does local_name in TLS SNI context support regex? for example: local_name example-(foo|bar).com { ssl_cert = </var/lib/dehydrated/certs/example.com/fullchain.pem ssl_key = </var/lib/dehydrated/certs/example.com/privkey.pem } Best regards
2017 Feb 17
1
Problem with Let's Encrypt Certificate
Hey. Thanks again for your help. I took the "dovecot -n" while the StartSSL Certificate was active, so the chain.pem was correct. Finally I found the issue! :-) But I still have no idea why the problem happens with Thunderbird. I used dehydrated to fetch the certificates from Let's Encrypt and as I said, it works for most clients pretty well. (Tried: Mulberry, Claws Mail, Outlook
2017 Feb 19
4
Problem with Let's Encrypt Certificate
On 02/18/2017 10:24 PM, Robert L Mathews wrote: > On 2/17/17 1:38 PM, chaouche yacine wrote: > >> Seems wrong to me too, Robert. If you put your private key inside >> your certificate, won't it be sent to the client along with it ? > > No; any SSL software that uses the file will extract the parts it needs > from it and convert them to its internal format for future
2017 Feb 23
0
Problem with Let's Encrypt Certificate
> On Feb 20, 2017, at 4:01 PM, Joseph Tam <jtam.home at gmail.com> wrote: > > yacinechaouche at yahoo.com writes: > >> Interesting. Is there any particular benefit in having only one file >> for both certificate and private key ? I find that putting private key >> in a separate file feels more secure. > > It's convenient to have key and cert in one
2019 Jan 10
0
samba-tool auth in scripts
> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: donderdag 10 januari 2019 14:09 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] samba-tool auth in scripts > > On Thu, 10 Jan 2019 11:42:46 +0100 > Jakob Lenfers <lenfers at bigsss-bremen.de> wrote: > > > Am
2017 Feb 19
0
Problem with Let's Encrypt Certificate
> That's one of the reasons I don't like Let's Encrypt, with one year certs it is easier to look at the certs and see what is going to expire in the coming month needing a new private key. I use dehydrated (with Cloudflare DNS challenges) and as far as I know, it seems to generate a new private key every time. All newly generated certs are generated with the timestamp in the