letsencrypt on FreeBSD


This tutorial logs the steps for installing and setting up "letsencrypt" on FreeBSD 10.2.

git clone https://github.com/letsencrypt/letsencrypt
Cloning into 'letsencrypt'...
remote: Counting objects: 26576, done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 26576 (delta 4), reused 0 (delta 0), pack-reused 26567
Receiving objects: 100% (26576/26576), 6.90 MiB | 1.06 MiB/s, done.
Resolving deltas: 100% (18688/18688), done.
Checking connectivity... done.
cd letsencrypt/
./letsencrypt-auto --help all
grep: /etc/os-release: No such file or directory
WARNING: FreeBSD support is very experimental at present... if you would like to work on improving it, please ensure you have backups and then run this script again with the --debug flag!
./letsencrypt-auto --help --debug all
grep: /etc/os-release: No such file or directory
Bootstrapping dependencies for FreeBSD...
+ pkg install -Ay git python py27-virtualenv augeas libffi
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
    python: 2.7_2,2
    py27-virtualenv: 13.1.0
    augeas: 1.4.0

The process will require 6 MiB more space.
3 MiB to be downloaded.
Fetching python-2.7_2,2.txz: 100% 996 B 1.0kB/s 00:01
Fetching py27-virtualenv-13.1.0.txz: 100% 2 MiB 2.1MB/s 00:01
Fetching augeas-1.4.0.txz: 100% 575 KiB 588.3kB/s 00:01
Checking integrity... done (0 conflicting)
[1/3] Installing python-2.7_2,2...
[1/3] Extracting python-2.7_2,2: 100%
[2/3] Installing py27-virtualenv-13.1.0...
[2/3] Extracting py27-virtualenv-13.1.0: 100%
[3/3] Installing augeas-1.4.0...
[3/3] Extracting augeas-1.4.0: 100%
Creating virtual environment...
Updating letsencrypt and virtual environment dependencies...You are using pip version 7.1.0, however version 7.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
.You are using pip version 7.1.0, however version 7.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
...
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --help --debug all

  letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] ...

The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates. By
default, it will attempt to use a webserver both for obtaining and installing
the cert.

Major SUBCOMMANDS are:

  (default) run        Obtain & install a cert in your current webserver
  certonly             Obtain cert, but do not install it (aka "auth")
  install              Install a previously obtained cert in a server
  revoke               Revoke a previously obtained certificate
  rollback             Rollback server configuration changes made during install
  config_changes       Show changes made to server config during installation
  plugins              Display information about installed plugins

Choice of server plugins for obtaining and installing cert:

  --apache          Use the Apache plugin for authentication & installation
  --standalone      Run a standalone webserver for authentication
  (nginx support is experimental, buggy, and not installed by default)
  --webroot         Place files in a server's webroot folder for authentication

OR use different plugins to obtain (authenticate) the cert and then install it:

  --authenticator standalone --installer apache

More detailed help:

  -h, --help [topic]    print this message, or detailed help on a topic;
                        the available topics are:

   all, automation, paths, security, testing, or any of the subcommands or
   plugins (certonly, install, nginx, apache, standalone, webroot, etc)

The nginx virtual hosts file will be adjusted as follows:

# all http traffic will be diverted to https:
server {
    listen 80;
    server_name www.logikfabrik.com;
    return 301 https://www.logikfabrik.com;
}

server {
    # the ssl parameter enables TLS on this listener
    listen 443 ssl;
    server_name www.logikfabrik.com;
    access_log ....
    error_log ....
    root /usr/local/www/....
    index index.php;
    ssl_certificate /etc/letsencrypt/live/www.logikfabrik.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.logikfabrik.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/www.logikfabrik.com/fullchain.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
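An added example, not part of the original tutorial: a small Python check for the two server blocks described above. It flags a port-443 listener without TLS enabled, a TLS block missing its certificate directives, and a port-80 block that does not redirect to HTTPS. The function names and the sample config are constructed for illustration, and the parser assumes flat server blocks without nested location blocks.

```python
import re

# Constructed sample modelled on the vhost above (log and root lines left out).
SAMPLE = """
server {
    listen 80;
    server_name www.logikfabrik.com;
    return 301 https://www.logikfabrik.com;
}
server {
    listen 443;
    server_name www.logikfabrik.com;
    ssl_certificate /etc/letsencrypt/live/www.logikfabrik.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.logikfabrik.com/privkey.pem;
}
"""

def server_blocks(conf):
    """Yield each flat server block as a list of (directive, args) pairs."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        stmts = [s.split() for s in body.split(";") if s.strip()]
        yield [(s[0], s[1:]) for s in stmts]

def audit(conf):
    """Return (block number, finding) pairs for the redirect/TLS vhost pair."""
    findings = []
    for n, block in enumerate(server_blocks(conf), 1):
        names = {d for d, _ in block}
        listens = [a for d, a in block if d == "listen" and a]
        on_443 = [a for a in listens if a[0].rsplit(":", 1)[-1] == "443"]
        ssl_on = ("ssl", ["on"]) in block  # legacy "ssl on;" directive
        tls = ssl_on or any("ssl" in a[1:] for a in listens)
        # Without the ssl parameter (or "ssl on;") nginx speaks plain HTTP here.
        if not ssl_on and any("ssl" not in a[1:] for a in on_443):
            findings.append((n, "listen 443 without ssl: served as plain HTTP"))
        if on_443 or tls:
            for need in ("ssl_certificate", "ssl_certificate_key"):
                if need not in names:
                    findings.append((n, "missing " + need))
        else:
            rets = [a for d, a in block if d == "return"]
            if not any(len(a) == 2 and a[0] in ("301", "308")
                       and a[1].startswith("https://") for a in rets):
                findings.append((n, "plain-HTTP block does not redirect to https"))
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print("server block %d: %s" % (n, msg))
```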