Category: Tech News

so that means another forced updated of everything built with PERL. Not sure why /usr/ports/UPDATING keeps pointing us back to 2023 when they could just post the postmaster commands to update from the last default version to new default version… heyho.

portmaster -o lang/perl5.40 lang/perl5.36

portmaster -f `pkg shlib -qR libperl.so.5.36`

I don’t know if Apple, and Google upped the ante, or I had not noticed before, or the SSL tools on the server had not kept updated, but I started getting warnings that my site was not secure. Letsencrypt has done a pretty good job for the last 5 years so I was confused as to why suddenly now , the browsers no longer liked up. Even harder now that MS Edge do not let you easily view the full cert.

A quick test at SSLlabs confirmed that the SSL for farcorfe.org.uk was all ok, but the sub-domain of www.farcorfe.org,uk was the actual issue. The SSL cert had not been validated for the www redirect.

Some quick Googling found this page – https://stackoverflow.com/questions/41097696/letsencrypt-certificate-for-www-and-non-www-domain with the required Certbot commands to add the www to the cert and a restart of Apache got the issue fixed.

I was very wary about the jump to 14 due to the change in Openssl from 1.1 to 3.0 and the pain that might entail. Also the deprecation of portsnap and getting used to Git was just something I did not have time for.

As I have created a new mirror site , see earlier post, I finally decided to bite the bullet over the festive break and did the freebsd-update upgrade option to 14.2, skipping out 14.0 and 14.1 in the process.

I was a little daunted and it failed to automatically upgrade everything to openssl 3.0 and although built the kernel and rebooted nicely, user land was still doggedly sticking to 1.1. I tried tinkering with make.conf in /etc with various default entries for openssl , but in the end removing the ssl version and just ssl=openssl and then making the usr/ports/openssl allowed 3.0 to install side by side with 1.1 thereby not breaking SSH or anything else until I was able to rebuild all of user land port by port. I was then able to complete freebsd-update install and now have another stable freebsd server for testing and training purposes.

Now I only need to fire this box up when I need Samba to move files around the network or download stuff off YouTube or run a Clamav as a 2nd pass for AV scanning and when I have time to dabble some more with FreeBSD.

Finally resolved the diminishing lack of free disk space for future FreeBSD updates. It seems that since version xx.x each upgrade as made a ZFS snapshot taking 1-3Gb each for each successive version. As the hardware has been running since 2017 that’s an awful lot of major and point revision snapshots.

DU and DF hid those successive snapshots and I was blaming my ever expanding OneDrive offline sync for taking excessive amounts of disk space even though I was convinced I had move the sync folder to the slave disk some time ago.

As I have never needed to roll back a ZFS snapshot I had never needed to explore what amount of space they took, or even how to display their usage, even less so how to delete them. Necessity being the mother of all invention, or least the need for a proper Google session I finally found the commands and confidence to delete 12 previous incarnations of FreeBSD and give me back the free disk I need to apply the next edition of FreeBSD.