Let's Encrypt Local Servers and Devices

When accessing internal servers and devices, are you tired of seeing warning messages from your browser informing you that 'Your connection is not secure'? Want to set up secure communication for supported systems?

This scripted resource builds a Let's Encrypt toolbox in a jail including acme.sh, an LE client, and an eclectic collection of useful tools for centrally managing LE certificates for a variety of systems. The following systems are currently supported:

TrueNAS and FreeNAS servers.
HP iLO remote server management devices.
FRITZ!Box residential gateway devices.

The script sets up an acme.sh server to handle the issue and automatic renewal of LE certificates (only valid for 90 days) for those systems.

Objectives

The script creates a jail designed to meet these key objectives:

Facilitate the centralised deployment of LE certificates to several groups of internal systems;
Automate the issue and renewal of certificates for those systems (the script installs an acme.sh server in the jail to handle this).
Best practice is to decouple a jail from its data. The script sets up the structures to store certificates and other data files outside the jail.

Requirements

The requirements for issuing certificates to internal systems are:

You must own or be able to control a public domain name.
Your internal DNS must be capable of resolving internal host names, based on the public domain name, to matching internal IP addresses. This is commonly referred to as split DNS.
To be able to issue certificates automatically, your DNS Provider must be one that acme.sh recognises as providing automatic DNS API integration.

If you tick these requirements, proceed to https://github.com/basilhendroff/truenas-iocage-letsencrypt for scripted installation instructions.

Acknowledgements

If it were not for the ground-breaking efforts of @danb35 to implement a means of deploying LE certificates to FreeNAS, and now TrueNAS, servers (refer to the community resource Let's Encrypt with FreeNAS 11.1 and later), centralised TrueNAS and FreeNAS certificate management for this resource would not be possible.
Dennis Kaarsemaker for implementing python-hpilo, a python library and command-line tool, for interacting with HP iLO devices.
Neil Pang for the LE client acme.sh and FRITZ!Box deploy hook.

Author: Basil Hendroff

Downloads: 67,503

Views: 269,871

First release: Nov 24, 2020

Last update: Nov 9, 2021

Rating: 5.00 star(s) 1 ratings

Join the discussion

More resources from Basil Hendroff

Scripted WordPress Installation (for Reverse Proxy)
Script to install WordPress, incl. MariaDB, Redis, phpMyAdmin, WP-CLI and Caddy, in an iocage jail
Scripted Tautulli Installation
Script to install Tautulli in an iocage jail.
Nextcloud and OnlyOffice Integration
A collection of notes on how to integrate OnlyOffice with NextCloud on TrueNAS.
Nextcloud and Collabora Integration
A collection of notes on how to integrate Collabora with Nextcloud on TrueNAS.
Scripted Detection of SMR Drives
A handy bash script for detecting Western Digital, Seagate and Toshiba SMR drives

Share this resource

Facebook Twitter Reddit Pinterest Tumblr WhatsApp Email Link

Latest updates

Python 3.8

Python 3.8 is now the required minimum version. To upgrade an existing jail, run the following...

Latest reviews

G

gt2416
5.00 star(s)
May 24, 2021
Version: 1.0

Thank you ! Just what I needed. Everyone should try using this first before starting their path into custom jails/ webapps.

Upvote 0 Downvote

Important Announcement for The TrueNAS Community.

Let's Encrypt Local Servers and Devices 1.1