Here is an easy how-to for installing the Let’s Encrypt plugin to your Freenas or Truenas server using Amazon’s superior Route 53. I have tested this method with both Freenas 11.x and the fancy new Truenas 12.x versions. Make sure you are connected to the network and that port 80 is allowed through to your nas box so the LE plugin can verify and pass all the checks successfully. Without further ado, let’s go!
Here are the steps I followed to get Let’s Encrypt & Route 53 working on my FreeNas/Truenas server:
- SSH into freenas. (I love Termius)
- Log in as root:
root@your_nas:~ #curl https://get.acme.sh | sh
- Grab DanB’s Freenas/LE software from github:
root@your_nas:~ #git clone https://github.com/danb35/deploy-freenas
- Copy the config file:
root@your_nas:~ #cp /root/deploy-freenas/deploy_config.example /root/deploy-freenas/deploy_config
- Edit the copied config file and edit password and replace with your root pw and enter your fqdn (yourdomain.com):
root@your_nas:~ #nano /root/deploy-freenas/deploy_config
I HATE vim. It sucks. It is a stupid leftover from the dawn of the internet. I like nano WAY better. If you need to, here’s how to install nano. Again, you may be prompted several times. Reply Y each time:
root@your_nas:~ # pkg install nano
- Move to the root folder and enter bash:
root@your_nas:~ #cd /root
- Now I use AWS Route 53 for DNS and I need to export the private and secret keys:
root@your_nas:~ #export AWS_ACCESS_KEY_ID=PUTYOURSECRETKEYHERE
root@your_nas:~ #export AWS_SECRET_ACCESS_KEY=PUTYOURSECRETKEYHERE
- Let’s get that cert:
root@your_nas:~ #.acme.sh/acme.sh --issue -d your.domain.here --dns dns_aws --reloadcmd "/root/deploy-freenas/deploy_freenas.py"
** Here is what you should see if all goes according to plan:
[Tue Feb 2 11:26:53 EST 2021] Your cert is in /root/.acme.sh/yourdomain.com/yourdomain.com.cer
[Tue Feb 2 11:26:53 EST 2021] Your cert key is in /root/.acme.sh/yourdomain.com/yourdomain.com.key
[Tue Feb 2 11:26:53 EST 2021] The intermediate CA cert is in /root/.acme.sh/yourdomain.com/ca.cer
[Tue Feb 2 11:26:53 EST 2021] And the full chain certs is there: /root/.acme.sh/yourdomain.com/fullchain.cer
[Tue Feb 2 11:26:53 EST 2021] Run reload cmd: /root/deploy-freenas/deploy_freenas.py
Certificate import successful
Certificate list successful
Setting active certificate successful
Reloading WebUI successful
deploy_freenas.py executed successfully
[Tue Feb 2 11:27:00 EST 2021] Reload successs.
- Reload your Freenas/Truenas gui and navigate to System – General, and change the interface to HTTPS and select Let’s Encrypt SSL Certificate.
- Create a cron job to renew your certificate. Add: /root/.acme.sh/acme.sh –renew -d yourdomain.com and run as user root. Set it to run every day at midnight.
Still not working as you expect? Check out the log files in Freenas before you post a comment.
Still not working? Check this post for clues (it’s a good troubleshooting primer as well). Just telling me it’s not working does not provide enough information to troubleshoot your problem. You wouldn’t take your car into the garage and say, “my car doesn’t work!” – you need to give me some clues to help you fix your problem. Check your steps carefully, every command has to be issued as it is shown in the how to. If you find any mistakes please let me know and I will fix them right away.