Let's encrypt and FreeNAS 11

[iacapuca]

I'm trying to get a valid cert for my FreeNAS 11 build, but right now I was not able to succeed in any way.
My FreeNAS build is behind a router, and my ISP block's port 80, how can I proceed to get the cerbot working?

 

[m0nkey_]

You can use certbot to generate a certificate using a DNS challenge. You will need to create a jail to install/run certbot.

https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation

 

[iacapuca]

So, I'm running the following command:

./letsencrypt-auto --debug certonly --standalone -d <mydomain.com>;


But I keep receiving a failure message of timeout.
As I said, my server can listen to 443, and right now I'm fowarding 443 to internal 443, direct to the jail that is doing the challenge, I cant listen to 80, due the fact that my ISP blocks it, is there anything I can do?

 

[iacapuca]

Ok, now I was able to generate a cert through
certbot -d <mydomain.com> --manual --preferred-challenges dns certonly


But cerbot did not generated any private key.

 

[m0nkey_]

You need to follow the instructions that certbot provides when you do a DNS challenge. This typically involves creating a TXT record within your domain.

 

[danb35]

I cant listen to 80, due the fact that my ISP blocks it, is there anything I can do?

Yes, you can do what @m0nkey_ recommended and use the DNS challenge. This will only be useful to you in the long term if your DNS provider has an API that supports automating updates (otherwise you'll need to make manual changes to your DNS records every couple of months), and you'll probably want to use a different client than certbot.

You also really don't want to expose the web GUI to the Internet, even with SSL.