home tags events about login

horia rss

just a simple OpenBSD appreciator

horia honked back 25 Sep 2022 06:49 -0700
in reply to: https://honk.vedetta.com/u/horia/h/j6CV1lsQ1xL467cl53

Bulk certificate and OCSP stapling update script:

#!/bin/sh
set -o nounset
NAME="$(awk '/^[[:space:]]*tls keypair/{printf "%s ",$NF}' /etc/relayd.conf)"
for n in ${NAME}
 do
  acme-client $n
  ocspcheck -No /etc/ssl/$n.{ocsp,crt}
done
rcctl reload relayd

horia honked 24 Sep 2022 10:19 -0700

OpenBSD cron(8) jobs for OCSP stapling, based on CA's update interval:

# letsencrypt
~ ~ */6 * * acme-client example.com; ocspcheck -No ${SYSCONFDIR}/ssl/example.com.{ocsp,crt}; rcctl reload relayd
# buypass 
~ */7 * * * acme-client example.com; ocspcheck -No ${SYSCONFDIR}/ssl/example.com.{ocsp,crt}; rcctl reload relayd