danb35
Hall of Famer
- Joined
- Aug 16, 2011
- Messages
- 15,504
Strange; the docs say that method should work:
Time for more digging, I guess...
Time for more digging, I guess...
Well, the workaround atm, is for me to reboot servers out-of-hours. I'll do that when I get home this evening. Thanks for looking into this.Strange; the docs say that method should work:
Time for more digging, I guess...
Thanks for the confirmation.See:
Edit: This looks like a new bug in 12.0-U3--the script works fine on my test system running 12.0-U2.1, but when I upgraded it to -U3 I started getting the same error.
Pretty much. This shouldn't really be a big deal, as the FreeNAS system itself shouldn't ever be accessible directly from the Internet. But it's only needed if you're using HTTP validation; if you're using DNS validation you wouldn't need to mess with routing at all.Is jury rigging some kind of routing an exercise left to the reader?
I use dehydrated, but the fundamental mechanism is the same.Hello. I'm failing to understand how acme.sh is supposed to work in a jail. The jail has its own IP addresses, but the DNS record is pointing to the FreeNAS system. Is jury rigging some kind of routing an exercise left to the reader?
I am, for several things, but I think that's kind of orthogonal to the subject of this resource--that's about deploying a cert to the Free/TrueNAS UI itself. If you're putting it behind a proxy, ordinarily that proxy would handle TLS termination, and in that case my script wouldn't be all that relevant.@danb35 is using Caddy, if I am not mistaken.
Not exactly, apparently the devs decided to introduce yet another breaking API change in a maintenance release:This looks like a new bug in 12.0-U3
git pull
.deploy_freenas.py
, it chucks a wobbly.[Tue Nov 9 01:57:54 AWST 2021] Run reload cmd: /root/deploy-freenas/deploy_freenas.py --config /truenas/truenas-t.udance.com.au.conf Traceback (most recent call last): File "/root/deploy-freenas/deploy_freenas.py", line 22, in <module> import requests ModuleNotFoundError: No module named 'requests' [Tue Nov 9 01:57:54 AWST 2021] Reload error for :
deploy_freenas.py
pkg install py38-requests
should do the trick, and she'll be right, mate."Chucks a wobbly"? Can't say I've heard that expression before--but its meaning is pretty obvious, I guess. The error indicates that the environment in which you're running the script (i.e., your jail) doesn't have the Python Requests module install.pkg install py38-requests
should do the trick, and she'll be right, mate.
iocage exec <jailname> /root/.acme.sh/acme.sh --cron
--reloadcmd "/path/to/deploy_freenas.py"
No, if you used the --reloadcmd option when you issue the cert, acme.sh will remember it.Should I be adding
No, if you used the --reloadcmd option when you issue the cert, acme.sh will remember it.
No need to re-issue the cert; you can doI may have to re-execute the full command
acme.sh --install-cert -d <your_fqdn> --reloadcmd /path/to/deploy_freenas.py
. It will still pick up and save the reload command in your configuration, and run it next time it renews the cert.