Register for the iXsystems Community to get an ad-free experience and exclusive discounts in our eBay Store.
Let's Encrypt Local Servers and Devices

Let's Encrypt Local Servers and Devices 1.0

When accessing internal servers and devices, are you tired of seeing warning messages from your browser informing you that 'Your connection is not secure'? Want to set up secure communication for supported systems?

This scripted resource builds a Let's Encrypt toolbox in a jail including acme.sh, an LE client, and an eclectic collection of useful tools for centrally managing LE certificates for a variety of systems. The following systems are currently supported:
  1. TrueNAS and FreeNAS servers.
  2. HP iLO remote server management devices.
  3. FRITZ!Box residential gateway devices.
The script sets up an acme.sh server to handle the issue and automatic renewal of LE certificates (only valid for 90 days) for those systems.

Objectives

The script creates a jail designed to meet these key objectives:
  1. Facilitate the centralised deployment of LE certificates to several groups of internal systems;
  2. Automate the issue and renewal of certificates for those systems (the script installs an acme.sh server in the jail to handle this).
  3. Best practice is to decouple a jail from its data. The script sets up the structures to store certificates and other data files outside the jail.
Requirements

The requirements for issuing certificates to internal systems are:
  1. You must own or be able to control a public domain name.
  2. Your internal DNS must be capable of resolving internal host names, based on the public domain name, to matching internal IP addresses. This is commonly referred to as split DNS.
  3. To be able to issue certificates automatically, your DNS Provider must be one that acme.sh recognises as providing automatic DNS API integration.
If you tick these requirements, proceed to https://github.com/basilhendroff/truenas-iocage-letsencrypt for scripted installation instructions.

Acknowledgements
  1. If it were not for the ground-breaking efforts of @danb35 to implement a means of deploying LE certificates to FreeNAS, and now TrueNAS, servers (refer to the community resource Let's Encrypt with FreeNAS 11.1 and later), centralised TrueNAS and FreeNAS certificate management for this resource would not be possible.
  2. Dennis Kaarsemaker for implementing python-hpilo, a python library and command-line tool, for interacting with HP iLO devices.
  3. Neil Pang for the LE client acme.sh and FRITZ!Box deploy hook.
Author
Basil Hendroff
Downloads
34,228
Views
137,527
First release
Last update
Rating
0.00 star(s) 0 ratings

More resources from Basil Hendroff

Top