FreeBSD fetch additionally to curl/wget

[ck-ws]

Some FreeBSD embedded systems (e.g. pfSense, FreeNAS, nas4free, ...) don't have curl and wget installed by default, but fetch(1).

Would it be possible to add this as well?

[Neilpang]

We need http GET/POST support to issue cert. And we also need http/PUT method to use cloudflare api.

So, does "fetch" command support POST/PUT method ?

[Neilpang]

It's strongly recommended to install curl if possible for you. That's well tested, and bugless.

[ck-ws]

Sorry, checked the manpage yesterday but didn't share my results before:
It seems fetch only supports GET requests, so it won't do it.

On named systems above, it isn't possible to install additional packages or ports, since they usually are run embedded, means: the root file system is in RAM and never synced back to disk.
Usually the solutions are something like finch or full blown jails on some fixed storage.
Until today I used a finch chroot with a full FreeBSD install and the letsencrypt-auto package. But acme.sh is much neater :)

I found a way to use curl:
Get the URL of the curl package for your FreeBSD version and architecture: http://distcache.freebsd.org/ (e.g. for FreeBSD 10 on x86-64 it's currently: http://distcache.freebsd.org/freebsd:10:x86:64/latest/All/curl-7.49.0.txz)

$ fetch -o curl.txz http://distcache.freebsd.org/freebsd:10:x86:64/latest/All/curl-7.49.0.txz
$ tar xvf curl.txz /usr/local/bin/curl
$ mv usr/local/bin/curl .
$ rm curl.txz
$ # rm -r usr # be sure you're not in / ;-)

Now check that curl works using curl --version or by downloading a file. Additionally, you'll need to add the path to the curl binary to the $PATH. I'll do this in a script.

Should I add the explanations above to the wiki?

[Neilpang]

yes, it may help others.

[ck-ws]

I'll just collect all the information here until I tested this and could add it to the wiki. After that, I will close this issue.

You'll also need the ca-root-nss.crt file, so that curl can check the SSL certificates of the letsencrypt servers. Get it the same way as curl package above, e.g. you could use
http://distcache.freebsd.org/freebsd:10:x86:64/latest/All/ca_root_nss-3.22.2.txz
Then do the same as above

$ fetch -o carootnss.txz http://distcache.freebsd.org/freebsd:10:x86:64/latest/All/ca_root_nss-3.22.2.txz
$ tar xvf carootnss.txz /usr/local/share/certs/ca-root-nss.crt
$ mv /usr/local/share/certs/ca-root-nss.crt .
$ rm carootnss.txz
$ # rm -r usr # be sure you're not in / ;-)

After that, set the path to your copy of ca-root-nss.crt in the environment variable $CURL_CA_BUNDLE.

Insecure, but possible: you can modify your acme.sh copy and add -k or --insecure to every request.

[Neilpang]

how is the progress ?

[ck-ws]

Seems to work, but I'll test that once more.
Is there any way to edit the wiki online or do I need to fork/pull request?

[Neilpang]

You can edit the wiki page online.

[ck-ws]

Seems like I can't 😆 There is no edit button. I can clone the wiki-git, but can't fork and PR.
So I wrote the Markdown offline. It's attached. Can you add it, please?

How-to-use-on-FreeBSD-embedded.md.zip

Needed to zip it, GitHub doesn't accept markdown files here.

[Neilpang]

Pleae try again. you can edit it now.
Please create a new page like: "How to use on embedded FreeBSD"

[ck-ws]

Thanks, it's added!