danb35 / deploy-freenas

Python script to automate deploying TLS certificates to FreeNAS servers
GNU General Public License v3.0

Import intermediate CA cert to Certificate Authorities in web GUI #4

Open danb35 opened 6 years ago

danb35 commented 6 years ago

The script imports the CA cert as part of the server cert (it uses the fullchain.cer file, which includes both), but it doesn't separately import it into the Certificate Authorities in the FreeNAS middleware. This shouldn't be necessary for web GUI purposes, but might be helpful for other uses. Would want to check if the same CA is already present before importing a new one, though.
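The "check if the same CA is already present" step mentioned above, as an added example that is not part of the deploy-freenas script. It assumes the chain file lists the server certificate first and the CA certificate(s) after it, and that the CA certificates already on the server are available as PEM strings; `existing_ca_pems` and all function names are hypothetical, and the sample blocks are constructed placeholder bytes rather than real certificates.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

def pem_blocks_to_der(pem_text):
    """Return the DER bytes of every certificate block, in file order."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]

def fingerprint(der):
    """SHA-256 over the DER bytes, so line wrapping and CRLF do not matter."""
    return hashlib.sha256(der).hexdigest()

def ca_certs_to_import(fullchain_pem, existing_ca_pems):
    """DER certs that follow the leaf in the chain and are not yet known."""
    chain = pem_blocks_to_der(fullchain_pem)
    if len(chain) < 2:
        return []  # leaf only: there is no CA certificate to import
    known = {fingerprint(der)
             for pem in existing_ca_pems
             for der in pem_blocks_to_der(pem)}
    missing = []
    for der in chain[1:]:  # assumption: index 0 is the server certificate
        fp = fingerprint(der)
        if fp not in known:
            known.add(fp)  # also skips a CA repeated inside the chain
            missing.append(der)
    return missing

def _fake_pem(payload, width=64):
    """Constructed sample data: PEM armour around placeholder bytes."""
    b64 = base64.b64encode(payload).decode()
    lines = [b64[i:i + width] for i in range(0, len(b64), width)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

LEAF = _fake_pem(b"constructed-leaf" * 8)
INTERMEDIATE = _fake_pem(b"constructed-intermediate" * 8)
FULLCHAIN = LEAF + INTERMEDIATE
# The same CA as another tool might have stored it: 76-column lines, CRLF.
STORED_CA = _fake_pem(b"constructed-intermediate" * 8, width=76).replace("\n", "\r\n")

if __name__ == "__main__":
    print(len(ca_certs_to_import(FULLCHAIN, [])), "CA cert(s) to import")
    print(len(ca_certs_to_import(FULLCHAIN, [STORED_CA])), "after dedup")
```

Comparing the PEM text directly would treat `STORED_CA` as a different certificate because of its line wrapping; hashing the decoded bytes avoids importing the same CA twice.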

Cloud-Kid commented 4 years ago

Hey! I have the same problem here, I know a bit about IT and networking but I don't want to mess with the script at this point, any fixes?

danb35 commented 4 years ago

There is no "fix" because this isn't a problem; it's a potential future enhancement that IMO is of pretty low value. I haven't done any work in this direction and don't expect to, but I'd be happy to consider a PR if it worked cleanly.

Cloud-Kid commented 4 years ago

Hey! Thanks for the fast answer, can you tell me what's an "IMO" and how I can manage this to work basically?

Thanks again for your project :)

danb35 commented 4 years ago

"IMO" = "in my opinion". I'm not quite sure what you mean by your last question--to manage the script, download it, prepare a configuration file, and in the most common use case (or at least the use case I had in mind when I wrote it), call it from your ACME client (certbot, acme.sh, or whatever else you like). That client will handle obtaining/renewing your cert from Let's Encrypt, and then it will call this script to deploy the cert to your FreeNAS server. I think this is pretty well discussed in the README--were there parts that were unclear or incomplete?

Cloud-Kid commented 4 years ago

Thanks for the translation! I mean everything seems to work fine, certificates are created and stored, I can see them in my freenas structure. But when I connect to my web GUI I can't select any SSL certificate, so do I need to move them in a very special place?

That's the only thing I can't figure out at the moment

In one question: Where the certificates/keys need to be placed in order to allow their selection through the freenas web GUI?

[image: Capture d’écran 2020-01-21 à 15 06 21] [image: Capture d’écran 2020-01-21 à 15 06 28]

danb35 commented 4 years ago

> I can see them in my freenas structure.

Where do you "see them in [your] freenas structure"? You should see them listed in the "certificates" page: https://www.ixsystems.com/documentation/freenas/11.2-U7/system.html#certificates

> Where the certificates/keys need to be placed in order to allow their selection through the freenas web GUI

This is what the script is supposed to do--import and select the cert/key. You shouldn't need to do anything manually. But none of this has anything to do with importing the CA certificate into the CAs section of the FreeNAS configuration.

Cloud-Kid commented 4 years ago

I can see the CERT/KEY by following this path "/root/.acme.sh/mydomainname.com" and I have 0 errors when executing your script, maybe I've done something wrong? I'm gonna try again and delete everything under this path beforehand, that's really strange because your script looks nice and it seems pretty straightforward.

Thanks for your understanding

danb35 commented 4 years ago

Please open a new issue--once again, the problems you're seeing have nothing to do with importing the intermediate CA certificate. And when you open that new issue, post the complete output of running the deploy_freenas.py script.