Date: Mon, 19 Dec 2016 11:56:20 -0600 (CST)
From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To: "David Mehler" <dave.mehler@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: letsencrypt setup on freebsd
Message-ID: <12862.128.135.52.6.1482170180.squirrel@cosmo.uchicago.edu>
In-Reply-To: <CAPORhP6fye7P3UfcSEWtyM7_6Qi1AbW4Tm4KvJyL0=dT=5d6bw@mail.gmail.com>
References: <CAPORhP6fye7P3UfcSEWtyM7_6Qi1AbW4Tm4KvJyL0=dT=5d6bw@mail.gmail.com>

On Mon, December 19, 2016 11:32 am, David Mehler wrote:
> Hello,
>
> How did you get letsencrypt set up on FreeBSD? The more I'm reading
> the more confusing I'm finding it.

Here is what I did (followed mostly these two docs):

# https://letsencrypt.org/getting-started/
# https://certbot.eff.org/#freebsd-apache

pkg install py27-certbot

certbot certonly --webroot -w /usr/local/www/apache24/data -d [your_domain_name].org

# Note, that /usr/local/www/apache24/data is webroot of running webserver
# serving [your_domain_name].org

#Certificate and chain have been saved at:
/usr/local/etc/letsencrypt/live/cmb-s4.org/fullchain.pem

# Now, note that you have to set cron job to renew them as certs
# expire after 90 days...

# Configure apache

vi /usr/local/etc/apache24/extra/httpd-ssl.conf

-----
SSLCertificateFile "/usr/local/etc/letsencrypt/live/[your_domain_name].org/cert.pem"
SSLCertificateKeyFile "/usr/local/etc/letsencrypt/live/[your_domain_name].org/privkey.pem"
SSLCertificateChainFile "/usr/local/etc/letsencrypt/live/[your_domain_name].org/chain.pem"
-----

# and restart apache now.

# note that there are symlinks:
# ls -l /usr/local/etc/letsencrypt/live/[your_domain_name].org/
# and here where actual files are
# cd /usr/local/etc/letsencrypt/archive/[your_domain_name].org

# check that renew certificate script works

/usr/local/bin/certbot renew --dry-run

# it only reports about renewing

# To not miss the renewal moment, set cronjob twice a day:

#crontab -e
#-----
#27 1,13 * * * /usr/local/bin/certbot renew --quiet
#-----

# Note that for cron job to work you have to have cron daemon running
# I hit this snag as all the above I actually have inside the jail
# that runs that service for .org domain I support for one of our projects.
# Alternatively you can set cron job outside jail, something like this:

crontab -e
-----
27 1,13 * * * /usr/sbin/jexec `/usr/sbin/jls | /usr/bin/grep [your_domain_name_or_rather_jail_name] | /usr/bin/awk '{ print $1 }'` /usr/local/bin/certbot renew --quiet
-----

And that should be it.

Good luck!

Valeri

>
> Thanks.
> Dave.
>

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
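
The host-side cron line in the message picks the jail ID with jls | grep | awk; grep does an unanchored regex match, so a pattern that matches more than one jail hands jexec several IDs at once. The script below is an added example, not part of the original message: it matches the Hostname column exactly and refuses to run on zero or multiple matches. The function names, script path and sample jls output are constructed for illustration, and the default four-column jls layout is assumed.

```sh
#!/bin/sh
# Added example. Assumes the default jls(8) columns: JID, IP Address, Hostname, Path.

# Constructed sample of jls output (not from a real system).
SAMPLE_JLS='   JID  IP Address      Hostname                      Path
     3  192.0.2.10      www.example.org               /usr/jails/www
     7  192.0.2.11      dev.www.example.org           /usr/jails/dev
     9  192.0.2.12      wwwXexample.org               /usr/jails/test'

# Lookup as written in the message, reading jls output from stdin.
# grep matches substrings and treats "." as a wildcard.
grep_jid() {
    grep "$1" | awk '{ print $1 }'
}

# Exact lookup: print the JID of the single jail whose Hostname equals $1.
# Returns 1 when no jail matches and 2 when several do.
jid_for_host() {
    awk -v want="$1" '
        $1 != "JID" && $3 == want { jid = $1; n++ }
        END {
            if (n == 1) { print jid; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Run the renewal inside the jail, or fail with a message on stderr so that
# cron mails the error instead of skipping the renewal silently.
renew_in_jail() {
    jid=$(/usr/sbin/jls | jid_for_host "$1") || {
        echo "renew_in_jail: need exactly one jail with hostname $1" >&2
        return 1
    }
    /usr/sbin/jexec "$jid" /usr/local/bin/certbot renew --quiet
}

# Hypothetical crontab entry on the host (script path is an assumption):
# 27 1,13 * * * /root/bin/renew-in-jail.sh www.example.org
if [ "$#" -gt 0 ]; then
    renew_in_jail "$1"
fi
```

jexec(8) also accepts a jail name in place of the numeric JID, which avoids the lookup entirely when the jail name is known.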