But it can use a little improvement. I'd like to see four things:
(1) more than just the Cloudflare example. I used DuckDNS and had to figure things out (see below). Maybe juxtapose the relevant documentation w/ the implementation and give some guidance on how things may vary.
(2) I put everything in a jail and think this is good practice. Some discussion about using jails would be helpful. Even better, if you agree about the value of using a jail, would be revising the instructions to include use of a jail.
(3) Because current versions of FreeNAS (11.2+) use iocage, some discussion of appropriate iocage commands.
(4) Because current versions of FreeNAS do not include bash in a jail by default, examples or instructions using csh instead.
Here's what I did for DuckDNS:
Issuing the certificate w/ DNS challenge:
Start a shell within the jail, then:
```
setenv DuckDNS_Token "<token goes here>"
.acme.sh/acme.sh --insecure --issue --dns dns_duckdns -d <subdomain>.duckdns.org
```
Cron job to automate renewal:
FreeNAS > Tasks > Cron Jobs
- Command = `iocage exec acme /root/.acme.sh/acme.sh --cron`
- Run as user = root
- Description & Schedule can be left as whatever you want.
Has been working well for ages, but I just had an issue where the certificate wasn't updated automatically and thought I would share the fix in case anyone else had the same problem. I ran deploy_freenas.py manually and got a 409 error, so I went to System - General in the FreeNAS GUI and tried to update the certificate manually there, and it turned out that there was a problem with my config (IPv6 address was invalid). Once I fixed that, the script ran successfully and life was good again.
Got everything working, except when it came to my password. Turns out, you can't use certain special characters in your root password, or this script blows up. The ones I found were "%", "(", and ")".
Everything else was perfect.
I'm using Amazon Route 53 for my DNS, and the only complaint I have is that I can't use `ddclient` with it (out of the box, anyway...apparently there are workarounds) to keep my domain's IP up to date.
Great resource, covered all it needed to and easy to follow.
I very much appreciated the advice on using Cloudflare DNS; I didn't know they had a free DNS hosting service, so I'm pleased to have moved my domain NS over to that.
One suggestion I would have is, if you're like me and were previously using 'freenas.local' rather than freenas.domain.tld, get that working beforehand. I half did it during the implementation and it caused a bunch of weird errors with deploy_freenas.py when it couldn't actually access FreeNAS using the name I'd provided (lack of setting up those A records / host file appropriately beforehand).
I also got some errors about root having no crontab during install of acme.sh but I assume that's expected.