Felix Palmen 📯Mar 27, 2024

Goal: Get some #letsencrypt certificate obtained with #uacme deployed on some #Windows box

Step 1: Ok, this probably works best with #Powershell (which I don't really like ...)

Step 2: There's no #FreeBSD port ... but hey, there's now a FreeBSD port of #dotnet, let's try to "just" build Powershell using that.

Step 3: Hell why does it fail to build. Oh, System.Security.Cryptography.Native doesn't play well with #LibreSSL

Patch and retry, I guess I'll take some sleep now first. Bah!

(there's some irony in running into OpenSSL/LibreSSL issues when trying to deploy TLS certificates ...)

Show threadRyan BolgerMar 28, 2024
@zirias I'm confused. Are you trying to get the certs on Windows or FreeBSD? If PowerShell on Windows, why not use a PowerShell native client like Posh-ACME? If uacme on FreeBSD, why build PowerShell there?
https://poshac.me/docs/v4/
Home

Documentation for the Posh-ACME PowerShell module

Show threadFelix Palmen 📯Mar 28, 2024
@rmbolger Because I have a central certificate distribution where I have setup everything (including DNS challenges) and I don't want to allow the Windows machine to do DNS updates at all.
Show threadSass, DavidMar 28, 2024
@zirias @rmbolger don't want to allow Windows to change DNS, do you mean register themselves to the local network?
Show threadFelix Palmen 📯
@sassdawe @rmbolger No, I mean for adding the stuff a DNS challenge with letsencrypt would need (which is my preferred challenge method, I don't want to setup some webserver for every subdomain/host that needs a certificate).
Mar 28, 2024 at 12:32pmWeb