FreeNAS: How to Deploy a Let’s Encrypt SSL Certificate in FreeNAS 11.x and HTTPS Configuration

Greetings friends, the other day I showed you how to deploy FreeNAS 11.x on a vSphere environment, which can be perfectly reproduced in Hyper-V, or in any other Hypervisor or physical, or in Cloud.

One of the most important things in this type of cases, is to have security when we activate space sharing services, whether FTP, Object Storage, etc.. That’s why today, we’re going to see how to deploy a Let’s Encrypt SSL Certificate over FreeNAS 11.x.

SSH connection to our FreeNAS 11.x

The first step will be to be able to access our FreeNAS via SSH, for this we will go to the services part, and in SSH, we will click on Actions to edit the options:Several options here, the most important in my case is to allow root login, since I have no more users: Once we have the configuration as we want, we will enable the service and also tell it to start automatically, if we want to access often by SSH, not really recommended:

Installing Let’s Encrypt packages and requesting our SSL certificate

Once we are connected by SSH, we will download the acme package, which allows us to automate calls to Let’s Encrypt:

In addition, we will download the following GitHub repository that contains the script that allows us to do this automatically, thanks to Danb35:

Once downloaded everything, we will have to edit the file called deploy_config.example and rename it to deploy_config, to the document we will have to add our password, and that will be the only change we will make.

Now that we have almost everything ready, we will return to the main root folder and launch the following commands, in my case I am using CloudFlare for my domain, so we can obtain an SSL certificate very easily using DNS authentication, which this script does automatically, we must know our FQDN for our FreeNAS, in my case

To know your Cloudflare Key, here where you can find it:

Once we launch this command well, we can see a result similar to this one:

We see how the script has taken care of everything, from creating the DNS entry, to making the request to Let’s Encrypt, downloading the SSL, and including it in the paths for FreeNAS to see.

Change the interface of FreeNAS 11.x to be accessible only from HTTPS

We will go through HTTP and FQDN or IP to our FreeNAS, up to System – General, and change the interface to HTTPS and select Let’s Encrypt SSL Certificate:Once we have saved the changes, access by HTTPS://TUNOMBREDEFREENAS.TUDOMINIO.COM and we can see the long-awaited green padlock, if we explore we can see that is a valid SSL certificate:If we want to see the details, here we can see the FQDN that I use with my valid SSL.Congratulations! We have everything ready and securely to start offering NAS services securely, I hope you like the article.

I leave you the whole menu with the entries on FreeNAS:

Author: jorgeuk

Father, writing in and Blogger, Systems Engineer @veeam - vExpert 2014/2020 & NTC 2018/19

11 Thoughts

  1. i have ran the script but it keeps saying :

    FileNotFoundError: [Errno 2] No such file or directory: ‘/root/’
    [Thu Dec 5 12:23:01 PST 2019] Reload error for :

    Please help

    p.s. i am a freenas and shell rookie

  2. Worked like a charm. Thanks.
    I have installed several jails in FreeNAS 11.3.
    How can I connect to them via https?
    Thank you

  3. Well done.

    This is working with gcloud
    You just have to add a zone

    Then # /root/ –issue –dns dns_gcloud -d -d ‘*’ –reloadcmd “/root/deploy-freenas/”

  4. I am a complete novice and new to FreeNAS. I use easyDNS. I believe that I have followed everything correctly, but I am not able to view or import the certificate within FreeNAS GUI. This appears to be as far as I can get….

    [Fri May 22 14:20:35 PDT 2020] Your cert is in /root/
    [Fri May 22 14:20:35 PDT 2020] Your cert key is in /root/
    [Fri May 22 14:20:35 PDT 2020] The intermediate CA cert is in /root/
    [Fri May 22 14:20:35 PDT 2020] And the full chain certs is there: /root/
    [Fri May 22 14:20:35 PDT 2020] Run reload cmd: /root/
    /root/ line 5291: /root/ No such file or directory

    Do you know what I may have done wrong?

  5. Hello Ryan,
    Once you ran the script, it should autoadded it to the GUI, you can anyways double check your SSL certificate on the GUI under Administration, can see you it there?

  6. Hello Jorge,

    Firstly thank you for your amazing guide it has helped me set this up and has worked great for ages.

    I am seeing an error when reloading the SSL certificate.

    The certificate renews and when I re run the command it shows that it does not need to renew for another 2 months (as expected)

    The SSL certificate is in the file when going in via SSH but it does not get added to the UI and it does not get used by the Web portal.

    I have the full log here ––2zACaQ75UspdCfFW7s1vLg/edit?usp=sharing

    I suspect this may be to do with either running the v1.0 api or the use of FreeNAS 12 beta.

    any guidance would be greatly appreciated, Hostnames blanked out for MY-FreeNAS.Hostname and MY-FreeNAS2.Hostname

    Thank you in advance

  7. Hello Jorge,

    I tried your tutorial with TrueNAS CORE 12 and it seems to run.

    But after the Certificate is imported, I get the following:

    Error importing certificate!
    401: Unauthorized
    [Sat Oct 3 17:57:09 CEST 2020] Reload error for :

    Do you have any Idea what could have gone wrong?

    Thank you in advance 🙂

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.