TrueNAS SCALE - How to generate Let's encrypt Certificate with ACME Shell Script (acme.sh)

Video Statistics and Information

Captions
Hello guys, in today's video I will show you how to generate a Let's Encrypt certificate with the ACME shell script on TrueNAS SCALE.

So first thing, if you haven't done so, you have to change the local domain to the fully qualified domain name. So in order to do that, you can navigate to Network, and under the Global Configuration settings, from here you can change the hostname or the domain name to the fully qualified domain name, or FQDN. So my, uh, FQDN is sysadmin102.tech. Uh, hostname, I'm going to change this to something else since I already assigned TrueNAS to another VM. I'm going to call it truenasscale102, and we will go down and we're going to save it. All right, so in order for this to take effect you have to restart TrueNAS, so we'll go ahead and do that. Restart.

All right, now that it restarted we're gonna go ahead and log back in. Okay, notice how the hostname changed to the FQDN truenascale.sysadmin102.tech, so now you can log in using that FQDN instead of using the IP address.

All right, the next step, we're gonna go to, uh, Credentials and then Certificates. So as you see, iXsystems actually included ACME DNS Authenticator. However, uh, there are only two DNS APIs they included. This is for Cloudflare and the other one is Route 53. Cloudflare is a common, uh, DNS, uh, or a domain provider for most of, um, commercials, and so is Route 53, which is AWS. It's not a popular choice for personal use. The ACME shell script actually supports a lot of DNS APIs. I don't know why iXsystems decided that they only included two in the GUI for the DNS authenticators. If you have Cloudflare or Route 53, which is AWS, uh, you can use the GUI to set up your Let's Encrypt certificate. If not, uh, we're gonna go to the next step.

All right, in the next step we're going to install the acme.sh shell script. So in order to do that you're going to have to go to System Settings and select Shell. All right, I'm going to make the font size a little bit bigger so it's easier for you to follow along. There we go. So I'm going to go ahead and head to the acme official GitHub and copy the command to install it online. So I'm going to copy the first command and the email. Use any email that you want to get notified about the certificate. It's gonna let you know whether the certificate is about to expire, whether it failed to renew, or the certificate has already expired. Okay, I'm going to go ahead and paste it in here, and the email I'm going to use is, uh, techsupport@sysadmin102.com. All right.

All right, next step, we're gonna provide a credential for the acme script to authenticate to our DNS. So it really depends on what kind of service provider you're using. For me, I'm using ClouDNS. So in order to provide the credentials I'm going to use the command export CLOUDNS_SUB_AUTH_ID= and I'll paste it in here and get my SUB AUTH ID from ClouDNS. So for ClouDNS, the API, it has full access to our domain and settings. The SUB ID, it does have a little bit more limitations, limited by the amount of zones or the amount of mail forwarding it has access to, so it's better for security. So the sub ID is 16097. Okay, 16097, actually put in the quotation mark, "16097". 16097, yep, enter. And next we're gonna provide a password, so password is gonna be export CLOUDNS_AUTH_PASSWORD= okay, and the password, that, that sysadmin102@@@ 102. There we go.

All right, now that we've provided the, um, credential for ClouDNS, the next step is to issue the certificate. So the command's gonna be acme.sh --issue and then --dns dns, so for this one you're going to replace this with whatever your DNS API is. So for me it's dns_cloudns for the API. And you can specify the key length by using --keylength to customize the key length, otherwise you can use the default setting, which is fine. 4096, and -d for the domain, and we're going to put the TrueNAS in here, truenasscale102.sysadmin102.tech. Make sure to check your spelling. If it's wrong then it's not going to be working. And once you've done that, hit enter.

All right, if everything runs smoothly you should have something similar to this on your screen. If you get the timeout, just rerun the script again and it should be working just fine. And this is the location where the Let's Encrypt certificate is stored on your TrueNAS.

The next step is to generate a new API key so we can deploy the certificate on TrueNAS. So you can navigate to the settings and then API Keys. All right, and we're going to add the new API key. We're just going to name it Cert deploy. Add a new one. All right, and we're going to copy that API key to the clipboard, and I'm not going to open up the text file and paste this in there. Let me go ahead and close this. We can go back to System Settings and then Shell. All right, I'll make the font bigger.

So next step, we're going to launch the, copy the python shell that was made by the user danb35 on the TrueNAS forum to deploy the certificate. So I'm using this command to download the python script. Okay. All right, you can use the list command to see if it actually successfully downloaded. Okay, you can see that it successfully downloaded under the deploy-freenas folder. Next step is we're going to change the directory to that folder, so cd /deploy-freenas. Do a list command again. So in here you have the readme file, it also has a deploy_config.sample and deploy_freenas.py for python.

So in order to view this script, you have to create a config file. So we're gonna use the nano text editor and open the deploy_config.sample so we can create a config file from that. I can click on Control O to write out a new file, and I'm going to use the backspace to delete out .sample and enter yes to save as a new file. Ctrl X. We can use the list command again, and as you see now we have the new file called deploy_config. We're going to edit that file using the nano text editor. Okay, and it's not recommended to use the root username and password in plain text, so we're gonna disable that using the hashtag icon, and we're gonna delete that one to add, edit the API key that we generated earlier. Enter, and put the new API key in there. Remove the space here. All right, okay, and Ctrl X, Y to save it.

Okay, next step is we're gonna deploy the certificate to your, uh, to, uh, the TrueNAS. So the command's gonna be acme.sh --install-cert -d, okay, and it's gonna be truenasscale102.sysadmin102.tech, and then we can add the reload command, --reloadcmd, quotation mark, deploy-freenas, and then it's gonna be deploy_freenas.py, and quotation mark again, and enter. Okay, so the certificate imported successfully. All right, it should restart the web interface. Okay, we're going to log back into the TrueNAS.

Okay, now that you head over to Credentials and Certificates, you'll see that it now has the certificate generated by Let's Encrypt. And up here you still see that red icon. That is because this is http, not https. So in order to redirect to https we have to go to System Settings and then General, and under settings we're gonna change, uh, enable the web interface http to https redirect, and we're going to save it and confirm. All right, and now that it restarted we log back in, and there we go, it is no longer red, because the certificate is certified by, um, Let's Encrypt or ZeroSSL.

All right, and lastly we need to create a cron job so that it automatically renews the certificate and we don't have to manually run the script. So in order to do that you would navigate to System Settings and then select Advanced. Under Cron Jobs we're going to add a new one, and we're gonna call it the let encrypt renewal. And the command, dan already provided the command for us, so we're just going to copy and paste that command, and we're going to run it as the root user, and we're gonna run this weekly. And I'm gonna go ahead and set the cron job, and we can test it out by running the job. Okay, it completed successfully.

All right, and that's it for, uh, today's tutorial, guys. If you think the tutorial is helpful, don't forget to subscribe and like, and if you don't like watching video you can head over to my, uh, blog, uh, or forum. I will be posting the tutorial for this in my blog as well as my forum. Thank you for watching and I'll see you guys in the next tutorial. Bye bye!
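The captions above comment out the root password in deploy_config and set an API key instead. The check below is an added example, not part of the video or of danb35's script: it assumes the config has "password = ..." and "api_key = ..." lines under a [deploy] section (the sample content is constructed) and GNU stat, as found on TrueNAS SCALE.

```shell
#!/bin/sh
# Added example: audit deploy_config before it is used by --reloadcmd or cron.
# Assumed layout: INI file with "api_key = ..." and optional "password = ...".

# check_deploy_config FILE -> prints findings; returns 0 if clean, 1 otherwise
check_deploy_config() {
    cfg=$1
    rc=0
    [ -f "$cfg" ] || { echo "FAIL: $cfg not found"; return 1; }

    # An uncommented password line leaves root's password on disk in plain text.
    if grep -Eq '^[[:space:]]*password[[:space:]]*=' "$cfg"; then
        echo "FAIL: active password line; comment it out with #"
        rc=1
    fi

    # The API key must be set on an uncommented line and be non-empty.
    key=$(sed -n 's/^[[:space:]]*api_key[[:space:]]*=[[:space:]]*//p' "$cfg" | head -n 1)
    if [ -z "$key" ]; then
        echo "FAIL: api_key is not set"
        rc=1
    fi

    # The key grants API access, so only the file owner should be able to read it.
    mode=$(stat -c '%a' "$cfg")
    case $mode in
        600|400) ;;
        *) echo "FAIL: mode is $mode; run: chmod 600 $cfg"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $cfg"
    return "$rc"
}

# Constructed sample: the sample file copied without any of the edits above.
demo=$(mktemp)
printf '[deploy]\npassword = CONSTRUCTED-PLACEHOLDER\n# api_key = \n' > "$demo"
chmod 644 "$demo"
check_deploy_config "$demo" || echo "fix the findings above before deploying"
rm -f "$demo"
```

Run it against the real deploy_config once after editing, and again whenever the API key is rotated.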
Info
Channel: SYSADMIN102™
Views: 14,500
Keywords: Syadmin102, Nhan, Nguyen, Nextcloud, TrueNAS, FreeNAS, ClouDNS, Tutorial, how to, cloud, Data Storage, Networking, NAS, Remote Access, A record, DNS Record, owncloud, SSL, Let's Encrypt, HTTPS
Id: BYkBJ11gDIM
Length: 17min 1sec (1021 seconds)
Published: Mon Mar 28 2022