December 22 update

jails/config/cert/config.cfg

@@ -4,7 +4,7 @@
 # for example: listen = "127.0.0.1:53"
 listen = "0.0.0.0:53"
 # protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
-protocol = "both4"
+protocol = "both"
 # domain name to serve the requests off of
 domain = "dns-auth.ahlawat.com"
 # zone name server
@@ -44,7 +44,7 @@ tls_cert_fullchain = "/mnt/certs/fullchain.pem"
 # only used if tls = "letsencrypt"
 acme_cache_dir = "api-certs"
 # optional e-mail address to which Let's Encrypt will send expiration notices for the API's cert
-notification_email = ""
+notification_email = "sharad.ahlawat.com"
 # CORS AllowOrigins, wildcards can be used
 corsorigins = [
     "*"
@@ -56,7 +56,7 @@ header_name = "X-Forwarded-For"
 
 [logconfig]
 # logging level: "error", "warning", "info" or "debug"
-loglevel = "debug"
+loglevel = "error"
 # possible values: stdout, TODO file & integrations
 logtype = "stdout"
 # file path for logfile TODO

jails/config/cert/ocsp_update.sh

@@ -0,0 +1,27 @@
+#!/usr/local/bin/bash
+
+shopt -u nullglob
+
+# Certificates path and names
+DIR="/mnt/certs"
+CERTS="${DIR}/*haproxy.pem"
+
+for CERT in $CERTS; do
+# Get the issuer URI, download it's certificate and convert into PEM format
+ISSUER_URI=$(openssl x509 -in $CERT -text -noout | grep 'CA Issuers' | cut -d: -f2,3)
+ISSUER_NAME=$(echo ${ISSUER_URI} | cut -d/ -f3)
+ISSUER_PEM="${DIR}/${ISSUER_NAME}.pem"
+wget -q -O- $ISSUER_URI | openssl x509 -inform DER -outform PEM -out $ISSUER_PEM
+
+# Get the OCSP URL from the certificate
+ocsp_url=$(openssl x509 -noout -ocsp_uri -in $CERT)
+
+# Extract the hostname from the OCSP URL
+ocsp_host=$(echo $ocsp_url | cut -d/ -f3)
+
+# Create/update the ocsp response file
+openssl ocsp -noverify -no_nonce -issuer $ISSUER_PEM -cert $CERT -url $ocsp_url -header Host=$ocsp_host -respout ${CERT}.ocsp
+
+done
+
+exit 0

jails/config/cert/pkg-list-details-old.txt

@@ -0,0 +1,8 @@
+pkgp-freebsd-pkg____bash-5.2.9
+pkgp-freebsd-pkg____bash-completion-2.11_1,2
+pkgp-freebsd-pkg____curl-7.85.0
+pkgp-freebsd-pkg____git-lite-2.38.1_3
+pkgp-freebsd-pkg____go-1.19,2
+pkgp-freebsd-pkg____nano-6.4
+pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____wget-1.21.3_1

jails/config/cert/pkg-list-details.txt

@@ -1,7 +1,8 @@
-pkgp-freebsd-pkg____bash-5.1.16
-pkgp-freebsd-pkg____bash-completion-2.11_1,2
-pkgp-freebsd-pkg____curl-7.82.0
-pkgp-freebsd-pkg____git-lite-2.35.1
-pkgp-freebsd-pkg____go-1.18,1
-pkgp-freebsd-pkg____nano-6.0
-pkgp-freebsd-pkg____pkg-1.17.5_1
+pkgp-freebsd-pkg____bash-5.2.12
+pkgp-freebsd-pkg____bash-completion-2.11_2,2
+pkgp-freebsd-pkg____curl-7.85.0
+pkgp-freebsd-pkg____git-lite-2.38.1_4
+pkgp-freebsd-pkg____go-1.19,2
+pkgp-freebsd-pkg____nano-7.0
+pkgp-freebsd-pkg____pkg-1.18.4
+pkgp-freebsd-pkg____wget-1.21.3_1

jails/config/cert/pkg-list-old.txt

@@ -0,0 +1 @@
+bash bash-completion curl git-lite go nano pkg wget

jails/config/cert/pkg-list.txt

@@ -1 +1 @@
-bash bash-completion curl git-lite go nano pkg
+bash bash-completion curl git-lite go nano pkg wget