Skip to content

hyrsky/certbot-jail

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
certonly
certonly
 
 
hook.sh
hook.sh
 
 
playbook.yml
playbook.yml
 
 
policy.json
policy.json
 
 
renew
renew
 
 

Repository files navigation

Let's encrypt jail

  1. Create aws user with policies

    • Managed policy AmazonRoute53ReadOnlyAccess
    • Managed policy AmazonRoute53DomainsReadOnlyAccess
    • Policy from ./policy.json

  2. Create ~/.aws/credentials with content:

    [default]
aws_access_key_id=<KEY ID>
aws_secret_access_key=<KEY SECRET>

  3. Log in to jail and run following commands

    pkg install py36-certbot py36-ansible py36-boto git
git clone https://github.com/hyrsky/certbot-jail.git
certbot-jail/certonly <email> <domain>

  4. Then create cron job for renewing certificate

    # Attempt to renew daily
0 3 * * * $HOME/certbot-jail/renew

  5. Run following commands as root inside FreeNAS

    Copy files to boot pool. Certificates are not available if using encrypted pool.

    mkdir -p /certs
chmod 700 /certs
ln -s /certs/fullchain.pem /certs/letsencrypt.crt
ln -s /certs/privkey.pem /certs/letsencrypt.key

rsync -L /mnt/POOL/iocage/jails/letsencrypt/root/usr/local/etc/letsencrypt/live/DOMAIN/* /certs

  6. Create certificate with identifier letsencrypt

  7. Create System > Tunables: SSLDIR (rc.conf) = /certs

  8. Create Tasks > Cron Jobs:

    # Attempt to renew daily
30 3 * * * 
rsync -L /mnt/POOL/iocage/jails/letsencrypt/root/usr/local/etc/letsencrypt/live/DOMAIN/* /certs && service nginx reload

  9. Enable HTTPS in System > General

TODO

  • Installer script

About

Get Let's encrypt certificate in FreeNAS jail.

Topics

letsencrypt freenas-scripts

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages