FreeNAS: How to Deploy a Let’s Encrypt SSL Certificate in FreeNAS 11.x and HTTPS Configuration

Greetings friends, the other day I showed you how to deploy FreeNAS 11.x on a vSphere environment, which can be perfectly reproduced in Hyper-V, or in any other Hypervisor or physical, or in Cloud.

One of the most important things in this type of cases, is to have security when we activate space sharing services, whether FTP, Object Storage, etc.. That’s why today, we’re going to see how to deploy a Let’s Encrypt SSL Certificate over FreeNAS 11.x.

SSH connection to our FreeNAS 11.x

The first step will be to be able to access our FreeNAS via SSH, for this we will go to the services part, and in SSH, we will click on Actions to edit the options:Several options here, the most important in my case is to allow root login, since I have no more users: Once we have the configuration as we want, we will enable the service and also tell it to start automatically, if we want to access often by SSH, not really recommended:

Installing Let’s Encrypt packages and requesting our SSL certificate

Once we are connected by SSH, we will download the acme package, which allows us to automate calls to Let’s Encrypt:

In addition, we will download the following GitHub repository that contains the script that allows us to do this automatically, thanks to Danb35:

Once downloaded everything, we will have to edit the file called deploy_config.example and rename it to deploy_config, to the document we will have to add our password, and that will be the only change we will make.

Now that we have almost everything ready, we will return to the main root folder and launch the following commands, in my case I am using CloudFlare for my domain, so we can obtain an SSL certificate very easily using DNS authentication, which this script does automatically, we must know our FQDN for our FreeNAS, in my case freenas.jorgedelacruz.es:

To know your Cloudflare Key, here where you can find it:

Once we launch this command well, we can see a result similar to this one:

We see how the script has taken care of everything, from creating the DNS entry, to making the request to Let’s Encrypt, downloading the SSL, and including it in the paths for FreeNAS to see.

Change the interface of FreeNAS 11.x to be accessible only from HTTPS

We will go through HTTP and FQDN or IP to our FreeNAS, up to System – General, and change the interface to HTTPS and select Let’s Encrypt SSL Certificate:Once we have saved the changes, access by HTTPS://TUNOMBREDEFREENAS.TUDOMINIO.COM and we can see the long-awaited green padlock, if we explore we can see that is a valid SSL certificate:If we want to see the details, here we can see the FQDN that I use with my valid SSL.Congratulations! We have everything ready and securely to start offering NAS services securely, I hope you like the article.

I leave you the whole menu with the entries on FreeNAS:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.