Use Let's Encrypt certificates for services like FTP in TrueNAS

B

Breit

Dabbler
Joined
Oct 4, 2016
Messages
25
Like the title says: Is there a way to officially use Let's Encrypt certificates (or any other external certificates for that matter) for services like FTP on TrueNAS?

The GUI only seems to support pasting contents of an external certificate into some field in the wizard, but that is impractical for certificates that expire and thus change every now and then. An import based on a path to a file on disk would be awesome.

In the case of FTP, I worked around this by disabling TLS in the GUI and put something like this to the "auxiliary parameters" section:
Code:
LoadModule mod_tls.c
<IfModule mod_tls.c>
    TLSEngine on
    TLSProtocol SSLv3 TLSv1.2

    TLSOptions NoSessionReuseRequired
    TLSRSACertificateFile <path to PEM file>
    TLSRSACertificateKeyFile <path to PEM file>
    TLSCACertificateFile <path to PEM file>
    TLSVerifyClient off
    TLSRequired on
</IfModule>


This feels very hacky and not like it is supposed to work like that. But it does for now...
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
I'm pretty sure my script applies (or can apply) the cert to the FTP service:
github.com

GitHub - danb35/deploy-freenas: Python script to automate deploying TLS certificates to TrueNAS servers

Python script to automate deploying TLS certificates to TrueNAS servers - danb35/deploy-freenas
github.com github.com
See also:

Let's Encrypt with FreeNAS 11.1 and later

Integrating Let’s Encrypt TLS Certificates with FreeNAS FreeNAS has long had the ability to use HTTPS for the web GUI, but that has usually meant dealing with self-signed certificates and the associated headaches, or paying for a commercial...
www.truenas.com www.truenas.com
 
B

Breit

Dabbler
Joined
Oct 4, 2016
Messages
25
Thanks, looks promising. But I have to admit, I'm not completely sure if it does what I need. Does it make a certificate available in the TrueNAS database (under System/Certificates in the GUI) or does it install a certificate for the Web-Interface or some service?

All I need is an entry under System/Certificates for my Let's Encrypt certificate that gets automatically updated if the certificate on my certificate-store dataset gets updated (through certbot) or better only points to that file on this dataset. The certificate is needed to appear unter System/Certificates because that is the only place where I can choose the TLS certificates from for the FTP service in the GUI.
 
danb35

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,504
Breit said:
Does it make a certificate available in the TrueNAS database (under System/Certificates in the GUI) or does it install a certificate for the Web-Interface or some service?
Click to expand...
Yes, and yes. It puts the cert into the TrueNAS database, selects that cert for the web GUI, and optionally selects that cert for other services (WebDAV, S3, and/or FTP)
 
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Use Let's Encrypt certificates for services like FTP in TrueNAS"

Similar threads

D
acme.sh Let's Encrypt Certificates
Replies
0
Views
3K
Deleted member 104047
D
airflow
[HOWTO] configure official certificates for FreeNAS using Let's Encrypt
2
Replies
24
Views
51K
KevDog
K
P
Externally managing (Let's Encrypt) Certificates
Replies
1
Views
2K
rustyjp
R
R
NextCloud Let's Encrypt (nginx)
2
Replies
31
Views
24K
KenNashua
K
Jeren
  • Locked
FTP was working until I added syslog dataset
2
Replies
31
Views
12K
npereira
N
Top