- Create an AWS user with policies
  - Managed policy `AmazonRoute53ReadOnlyAccess`
  - Managed policy `AmazonRoute53DomainsReadOnlyAccess`
  - Policy from `./policy.json`
- Create `~/.aws/credentials` with content:

  ```
  [default]
  aws_access_key_id=<KEY ID>
  aws_secret_access_key=<KEY SECRET>
  ```
- Log in to the jail and run the following commands:

  ```
  pkg install py36-certbot py36-ansible py36-boto git
  git clone https://github.com/hyrsky/certbot-jail.git
  certbot-jail/certonly <email> <domain>
  ```
- Then create a cron job for renewing the certificate:

  ```
  # Attempt to renew daily
  0 3 * * * $HOME/certbot-jail/renew
  ```
- Run the following commands as root inside FreeNAS. They copy the files to the boot pool; certificates are not available if using an encrypted pool.

  ```
  mkdir -p /certs
  chmod 700 /certs
  ln -s /certs/fullchain.pem /certs/letsencrypt.crt
  ln -s /certs/privkey.pem /certs/letsencrypt.key
  rsync -L /mnt/POOL/iocage/jails/letsencrypt/root/usr/local/etc/letsencrypt/live/DOMAIN/* /certs
  ```
- Create a certificate with identifier `letsencrypt`
- Create System > Tunables: `SSLDIR` (rc.conf) = `/certs`
- Create Tasks > Cron Jobs:

  ```
  # Attempt to renew daily
  30 3 * * * rsync -L /mnt/POOL/iocage/jails/letsencrypt/root/usr/local/etc/letsencrypt/live/DOMAIN/* /certs && service nginx reload
  ```
- Enable HTTPS in System > General
- Installer script
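
The FreeNAS cron job above reloads nginx whenever `rsync` succeeds, whatever it copied. As an added example (not part of certbot-jail; the function names are hypothetical and the `/certs` layout is the one from the steps above), this check can be sourced and called between the `rsync` and the `service nginx reload`. It confirms that the directory and private key are owner-only, that both PEM files are present, and that the `letsencrypt.crt` and `letsencrypt.key` symlinks resolve.

```shell
#!/bin/sh
# Added example: sanity-check the copied certificate files before nginx is reloaded.
# Assumes the /certs layout created in the steps above; function names are hypothetical.

# First 10 characters of the ls mode string, following symlinks (e.g. "-rw-------").
mode_of() {
    ls -ldL "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'
}

# Succeeds only if the path exists and grants nothing to group or other.
owner_only() {
    case "$(mode_of "$1")" in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Succeeds only if the file is non-empty and contains a PEM header matching $2.
has_pem() {
    [ -s "$1" ] && grep -q -- "-----BEGIN $2-----" "$1"
}

# Record a failure without stopping, so one run reports every problem.
fail() {
    echo "FAIL: $*" >&2
    rc=1
}

# Verify a certificate directory; returns 0 only if every check passes.
verify_certs() {
    dir=${1:-/certs}
    rc=0
    owner_only "$dir"             || fail "$dir is accessible to group or other"
    owner_only "$dir/privkey.pem" || fail "privkey.pem missing or readable by group or other"
    has_pem "$dir/privkey.pem" ".*PRIVATE KEY" || fail "privkey.pem is empty or not a PEM key"
    has_pem "$dir/fullchain.pem" "CERTIFICATE" || fail "fullchain.pem is empty or not a PEM certificate"
    # The symlinks created with ln -s must point at files that exist after the copy.
    for link in letsencrypt.crt letsencrypt.key; do
        [ -e "$dir/$link" ] || fail "$link does not resolve"
    done
    return "$rc"
}
```

The same `owner_only` check applies to `~/.aws/credentials` inside the jail, since that file holds the access key secret.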