Hi all,
I've got Let's Encrypt running within a jail using dns-01 to automate SSL certificates for all my jails and their services (this appears to be working quite nicely). I've also got it generating a cert which I would like to use with the FreeNAS GUI.
Given that the generated certs are in a directory such as /mnt/tank/dehydated/certs/freenas/<certs/privkey/etc>
Ideally I want to just replicate what the GUI is doing when you import a new cert/privkey but do so in an automated way via cron. Is there any way to automate updating of the FreeNAS cert via cron task?
From other threads on the forum it sounds like simply copying to /etc/certificates would not be sufficient, and I don't like going behind the GUI's back really.
I read another post (well, a bug comment) that uses a tunable to have FreeNAS use a different directory to obtain its certs, but I wouldn't want the tunable to be pointing to a directory within my pool, as the pool may not be available at boot time. For example, if it's an encrypted pool or there are errors that prevent the pool mounting that need to be solved. The tunable would need to point to a root directory.
I'd be fine with a cron that copied certs to a root directory for example /ssl and then using a tunable to have the webgui use those certs. But wouldn't that be blasted away during any system upgrade? Is there any way to preserve a root directory during upgrades?
Any better ways to achieve this? I get the feeling from the above linked bug post, it may not be possible yet?