/usr/jails/certs-rsync/var/db/certs-for-rsync is the mount point within the rsync jail (which I named certs-rsync). /usr/jails/certs/var/db/certs-for-rsync is mounted in the acme.sh jail (in my case, the actual jail name is certs). Here is the nullfs mount I use:

```
/usr/jails/certs/var/db/certs-for-rsync /usr/jails/certs-rsync/var/db/certs-for-rsync nullfs ro 0 0
```

This allows files written in one jail to be shared, read-only via a nullfs mount, with another jail. This solution assumes that the acme.sh jail and the rsync jail are on the same host.

I will assume you have read my previous post where I describe the cert-shifter process. In this post, I will describe how the website pulls the certificates down from the rsync jail. I use anvil to distribute those certificates.

In my Let’s Encrypt implementation, I am using a centralized acme.sh solution which generates all the certificates I use and authenticates via dns-01 challenges.
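The read-only property of the nullfs entry shown earlier can be checked mechanically. This is an added example, not code from the original post: a shell function that reads fstab-format lines and fails unless every nullfs mount into the given jail root carries the `ro` option. The function names and the read-write sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit fstab-format lines for nullfs mounts into a jail.
# Function names and the sample lines are constructed for illustration.

# check_nullfs_ro JAIL_ROOT < fstab-lines
# Prints one verdict per nullfs mount whose target lies under JAIL_ROOT.
# Returns 0 only if at least one such mount exists and all of them are "ro".
check_nullfs_ro() {
    awk -v root="$1" '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        $3 != "nullfs" { next }                # only nullfs entries matter here
        index($2, root "/") != 1 { next }      # target must be inside the jail
        {
            seen++
            ro = 0
            n = split($4, opt, ",")            # options are comma-separated
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
            if (ro) { print "OK   " $2 }
            else    { print "FAIL " $2 " (options: " $4 ")"; bad++ }
        }
        END { exit ((seen > 0 && bad == 0) ? 0 : 1) }
    '
}

# Constructed sample: the entry from the post.
sample_good() {
    printf '%s\n' \
      '/usr/jails/certs/var/db/certs-for-rsync /usr/jails/certs-rsync/var/db/certs-for-rsync nullfs ro 0 0'
}

# Constructed sample: the same entry with the read-only option lost.
sample_bad() {
    printf '%s\n' \
      '/usr/jails/certs/var/db/certs-for-rsync /usr/jails/certs-rsync/var/db/certs-for-rsync nullfs rw 0 0'
}

sample_good | check_nullfs_ro /usr/jails/certs-rsync
sample_bad | check_nullfs_ro /usr/jails/certs-rsync || echo "read-write nullfs mount found"
```

Against a live host, feed the function the file that actually holds the jail's mounts; a mount that is missing altogether is also reported as a failure.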