SOLVED LetsEncrypt step by step for non DNS mode

veldthui

Dabbler
Joined
Nov 28, 2019
Messages
47
Does anyone have a step by step for how to install a LetsEncrypt cert using acme? I know there is one for the DNS method but I need the other method and not sure how to set it up using the jail. The step by step I saw just says you need to use a jail and install socat and the acme on that but not sure how to get it all going.
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
Can you use a dns such as with cloudflare? If not you either need standalone or web server. I used certbot rather than acme for the standalone method for a time.
 

veldthui

> Can you use a dns such as with cloudflare? If not you either need standalone or web server. I used certbot rather than acme for the standalone method for a time.

Can't use the dns method. I was trying to follow this one here https://www.ixsystems.com/community/resources/lets-encrypt-with-freenas-11-1-and-later.82/

But it just glosses over the non-dns method. It says you need to use a jail so I am assuming that I need to install nginx on that jail so it can get the file.
I am a noob at jails so not sure how to do it.
 

KevDog

I don't think you need a web server setup -- although that is one method.
I can't give you specific instructions how to set up the jail -- it's pretty easy -- just follow the GUI and fill in the boxes.
Once in, it's like a new FreeBSD installation. You'll need to do some basics like setup users, and ssh and then update the pkg repository.
With pkg install either acme or certbot -- whatever executable you want to use.
 

veldthui

> I don't think you need a web server setup -- although that is one method.
> I can't give you specific instructions how to set up the jail -- it's pretty easy -- just follow the GUI and fill in the boxes.
> Once in, it's like a new FreeBSD installation. You'll need to do some basics like setup users, and ssh and then update the pkg repository.
> With pkg install either acme or certbot -- whatever executable you want to use.

I think you need it for the reply from Letsencrypt. At least all my others require it using this method.
I have the jail set up and got the files needed but now getting a permission error on

./.acme.sh --issue -d fqdn_of_freenas_box --standalone --reloadcmd "/path/to/deploy_freenas.py"

Just says permission denied. It was installed as root and has root/wheel as owner and has executable bit set.
Have tried acme.sh --issue -d fqdn_of_freenas_box --standalone --reloadcmd "/path/to/deploy_freenas.py" as well but no go.
 

veldthui

Well damnit just noticed that the .acme.sh is actually a directory. Boy do I feel like dick
 

veldthui

Well I have most of it worked out. Found you don't need a web server with the --standalone mode. So it got the cert but it would not run the command to deploy the cert.

Used acme.sh --issue -d fqdn_of_freenas_box --standalone --reloadcmd "/path/to/deploy_freenas.py" but it is throwing up an error command not found for the deploy-freenas.py. I tried manually running it and got the same error. Yes I did install python into the jail.
Not sure where to go from here.
 

KevDog

So what is "/path/to/deploy_freenas.py" --- Is this an actual script? The way you have listed your command it seems to me that you are copying it from some website.
 

veldthui

> So what is "/path/to/deploy_freenas.py" --- Is this an actual script? The way you have listed your command it seems to me that you are copying it from some website.

It is a python script. I am following the tutorial https://www.ixsystems.com/community/resources/lets-encrypt-with-freenas-11-1-and-later.82/ and that is all it gives so one would assume it should run like that otherwise why would they put it in there.
I tried running it using Python deploy_freenas.py and that started the script but bombed out with an error which I can't remember but something about release.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
> I am following the tutorial https://www.ixsystems.com/community/resources/lets-encrypt-with-freenas-11-1-and-later.82/ and that is all it gives so one would assume it should run like that otherwise why would they put it in there.

If you'd posted your questions on the thread for that guide (that's why there's a thread for that guide), there probably would have been a lot less confusion. /path/to/deploy_freenas.py is intended to be replaced with the actual path to that script--I'd thought that would be pretty obvious, but perhaps not.
 

veldthui

> If you'd posted your questions on the thread for that guide (that's why there's a thread for that guide), there probably would have been a lot less confusion. /path/to/deploy_freenas.py is intended to be replaced with the actual path to that script--I'd thought that would be pretty obvious, but perhaps not.

Well yes I am not that stupid. I just copied and pasted the example because it was easier than typing out the actual path.
 

KevDog

Sorry -- I didn't try to imply you were stupid. It's just sometimes I see some crazy things on the forum. I use that script as well that you reference. It works for me -- at least I think it does. What exactly is the problem or error that you are getting?
 

veldthui

> Sorry -- I didn't try to imply you were stupid. It's just sometimes I see some crazy things on the forum. I use that script as well that you reference. It works for me -- at least I think it does. What exactly is the problem or error that you are getting?

As I said above. The acme script gets the certificate okay and then fails with the reload command. It fails with command not found.
This is running from the jail. Python is installed and the execute bits are set on the script.
If I try and run the script outright from the shell I get the same result. Command not found.

If I run it doing python deploy_freenas.py the script runs but quickly fails with import requests. Module not found error.

I copied the certs to the main freenas folder out of the jail and still get the same command not found using just the deploy_freenas.py
However if I use python deploy_freenas.py it installs the certs without error.

I want to be able to just set it in the jail and forget it and not have to copy files around and do juggling to get it to work
 

veldthui

> Is the deploy_freenas.py script executable?

I think I said that on the second line
Code:
root@Acme-Letsencrypt:~/deploy-freenas # ls -la
total 63
drwxr-xr-x  3 root  wheel     8 Jan 29 08:52 .
drwxr-xr-x  4 root  wheel    11 Jan 30 13:37 ..
drwxr-xr-x  8 root  wheel    13 Jan 29 08:51 .git
-rw-r--r--  1 root  wheel    14 Jan 29 08:51 .gitignore
-rw-r--r--  1 root  wheel  1586 Jan 29 09:24 deploy_config
-rw-r--r--  1 root  wheel  1601 Jan 29 08:51 deploy_config.example
-rwxr-xr-x  1 root  wheel  4606 Jan 29 08:51 deploy_freenas.py
-rw-r--r--  1 root  wheel  1908 Jan 29 08:51 README.md
root@Acme-Letsencrypt:~/deploy-freenas #
 

veldthui

> So what happens if, from that directory, you run ./deploy_freenas.py?

That gets a bit further but runs into the other error.
Code:
root@Acme-Letsencrypt:~/deploy-freenas # ./deploy_freenas.py
Traceback (most recent call last):
  File "./deploy_freenas.py", line 22, in <module>
    import requests
ModuleNotFoundError: No module named 'requests'


So to get it to run from the acme command it should be

./.acme.sh --issue -d fqdn_of_freenas_box --standalone --reloadcmd "./deploy-freenas/deploy_freenas.py"

And just need to work out how to get rid of the module error.
 

danb35

> ./.acme.sh --issue -d fqdn_of_freenas_box --standalone --reloadcmd "./deploy-freenas/deploy_freenas.py"

No, it really should have the absolute path--probably /root/deploy-freenas/deploy_freenas.py.

> And just need to work out how to get rid of the module error.

I'd expect it's available as a package, the name of which would depend on the version of Python you're using--if 3.7, I expect you'd be able to install the package with pkg install py37-requests.
 

veldthui

> No, it really should have the absolute path--probably /root/deploy-freenas/deploy_freenas.py.

> I'd expect it's available as a package, the name of which would depend on the version of Python you're using--if 3.7, I expect you'd be able to install the package with pkg install py37-requests.

Cool that worked. It grabbed a whole lot of python stuff. Not sure why it did not do so when I first installed it.
I tried the absolute path the first time I tried it and it did not work. It certainly works now so thanks for your help.
 

sjkh

Cadet
Joined
Jul 5, 2020
Messages
3
I was having the exact same issue. Running acme in a jail and after installing some packages I got here. py37-requests is installed (python version is 3.7.7) and now I am getting another error:


Code:
[root@acme-v2 ~]# deploy-freenas/deploy_freenas.py
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 157, in _new_conn
    (self._dns_host, self.port), self.timeout, **extra_kw
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/connection.py", line 84, in create_connection
    raise err
  File "/usr/local/lib/python3.7/site-packages/urllib3/util/connection.py", line 74, in create_connection
    sock.connect(sa)
ConnectionRefusedError: [Errno 61] Connection refused

Traceback (most recent call last):
  File "deploy-freenas/deploy_freenas.py", line 72, in <module>
    "cert_privatekey": priv_key,
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 116, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/api.py", line 60, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/requests/adapters.py", line 516, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='localhost', port=80): Max retries exceeded with url: /api/v1.0/system/certificate/import/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x80296d950>: Failed to establish a new connection: [Errno 61] Connection refused'))



Any idea?
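
The failures worked through in this thread (a --reloadcmd that is a relative path or a directory, a script whose Python cannot import requests, an API endpoint that refuses the connection) can be checked before acme.sh ever calls the hook. The following is an added example, not part of any post and not code from acme.sh or deploy-freenas: the function names are hypothetical, nc(1) is assumed to be installed, and the shebang check goes beyond what the thread discusses.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# check_hook PATH: 0 if PATH can be used as a --reloadcmd, else 1..6.
check_hook() {
    hook=$1
    case $hook in
        /*) ;;
        *) echo "not an absolute path: $hook" >&2; return 1 ;;
    esac
    [ -e "$hook" ] || { echo "does not exist: $hook" >&2; return 2; }
    [ -d "$hook" ] && { echo "is a directory: $hook" >&2; return 3; }
    [ -x "$hook" ] || { echo "execute bit not set: $hook" >&2; return 4; }

    # A shebang that names a missing interpreter also fails with "not found".
    IFS= read -r first < "$hook" || :
    case $first in
        '#!'*) ;;
        *) echo "no shebang line: $hook" >&2; return 5 ;;
    esac
    set -f; set -- ${first#??}; set +f   # split "#!/usr/bin/env python3"
    interp=$1
    [ "$interp" = /usr/bin/env ] && interp=$2
    command -v "$interp" >/dev/null 2>&1 ||
        { echo "interpreter not found: $interp" >&2; return 6; }
    return 0
}

# check_module INTERP MODULE: 0 if INTERP can import MODULE.
check_module() {
    "$1" -c "import $2" >/dev/null 2>&1 ||
        { echo "$1 cannot import $2" >&2; return 1; }
}

# check_endpoint HOST PORT: 0 if a TCP connection is accepted (assumes nc).
check_endpoint() {
    nc -z -w 3 "$1" "$2" >/dev/null 2>&1 ||
        { echo "nothing accepting connections on $1:$2" >&2; return 1; }
}

# Usage, with the path and interpreter version mentioned in the thread; host
# and port are whatever the deploy script is configured to talk to:
#   check_hook /root/deploy-freenas/deploy_freenas.py &&
#   check_module python3.7 requests && check_endpoint HOST PORT
```

Run the three checks as the same user and inside the same jail that acme.sh runs in, since PATH, installed packages and what "localhost" reaches all differ between the jail and the host.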
 