danb35 / deploy-freenas

Python script to automate deploying TLS certificates to FreeNAS servers
GNU General Public License v3.0

I have an error in line 82 Truenas scale #62

Closed chuxxsss closed 1 year ago

chuxxsss commented 2 years ago

Hi Dan, I am new at making encryption keys for truenas. I am doing something wrong. I have made sub directories, have put a password in and copied your api key. Where am I going wrong please. Bit of a noob on letsencrypt.

All the best Chuxxsss

```
root@Egits[~/deploy-freenas]# ./deploy_freenas.py
Traceback (most recent call last):
  File "/root/deploy-freenas/./deploy_freenas.py", line 82, in <module>
    with open(PRIVATEKEY_PATH, 'r') as file:
FileNotFoundError: [Errno 2] No such file or directory: '/someone/sec/me'
root@Egits[~/deploy-freenas]# nano deploy_config
root@Egits[~/deploy-freenas]# ./deploy_freenas.py
Traceback (most recent call last):
  File "/root/deploy-freenas/./deploy_freenas.py", line 82, in <module>
    with open(PRIVATEKEY_PATH, 'r') as file:
FileNotFoundError: [Errno 2] No such file or directory: '~/someone/sec/me'
```

danb35 commented 2 years ago

The deploy_freenas script needs to know where the certificate and private key files are. It defaults to the default location that acme.sh uses: /root/.acme.sh/$FQDN/$FQDN.key for the private key, and /root/.acme.sh/$FQDN/fullchain.cer for the certificate, where $FQDN represents the configured fully-qualified domain name of your NAS. You can override these defaults by setting privkey_path and fullchain_path, respectively, in your config file. It appears that you've done this, but set at least the private key path incorrectly.

chuxxsss commented 2 years ago

Thanks Dan, this is my first time making keys for any server. Last time I played with pgp keys was in the 90s. Any more help would really be appreciated.

Chris


danb35 commented 2 years ago

I'm not sure what other help I can give. You need to tell the script where the key and cert files are located. Only you know where that is; I certainly don't.

dogsbody commented 2 years ago

I'm in the process of migrating from CORE to SCALE and one of the differences is that hostname no longer returns the fully qualified domain name.

I fixed this by setting cert_fqdn in the deploy_config which seems to have fixed the above problem.

chuxxsss commented 2 years ago

Thanks Dan, I need to work on it Sunday as my wife needs to use it. I am not a hundred percent on the host name stuff.

On 23 Oct 2022, 9:23 am, Dan Benton wrote:

> I'm in the process of migrating from CORE to SCALE and one of the differences is that hostname no longer returns the fully qualified domain name.
>
> I fixed this by setting cert_fqdn in the deploy_config which seems to have fixed the above problem.
>
> (I do now have another problem but I'm not going to confuse this issue with it)

chuxxsss commented 2 years ago

Still having problems Dan, Any luck moving to scale? truenas letencry

dogsbody commented 2 years ago

Hi @chuxxsss The error is the line saying File Not Found "~/someone/sec/me". I don't know what you have set in deploy_config file but I assume that you have pointed it to some ssl cert files that don't exist or you don't have permissions for.

I have this running in TrueNAS SCALE with no issues other than having to set cert_fqdn in the deploy_config as mentioned above.

My entire setup was documented as...

```sh
# Install and setup deploy-freenas
cd /root
git clone https://github.com/danb35/deploy-freenas
cp deploy-freenas/deploy_config.example deploy-freenas/deploy_config
vim deploy-freenas/deploy_config  # set the API key and cert_fqdn, everything else can stay stock

# Install acme.sh and get a cert
curl https://get.acme.sh/ | sh
.acme.sh/acme.sh --set-default-ca --server letsencrypt
# The following is for DNS Made Easy [Other Options](https://github.com/acmesh-official/acme.sh/wiki/dnsapi)
export ME_Key="<key>"
export ME_Secret="<secret>"
.acme.sh/acme.sh --issue -d fqdn.example.com --dns dns_me --reloadcmd "/root/deploy-freenas/deploy_freenas.py"
```

Setup two Cron Tasks via the GUI (crons setup in the system will be overwritten during an upgrade)

  1. Renew Cert '17 02 *' '/root/.acme.sh/acme.sh --cron --home "/root/.acme.sh"'
  2. Pull Latest SSL deploy script '0 0 *' 'git -C /root/deploy-freenas/ pull'

danb35 commented 2 years ago

Please don't post screen shots of text--just copy/paste the text and then set it off with ``` before and after.

Why are you running deploy_freenas.py r?

As to the prior command, it's looking for a file at ~/someone/sec/me, which it can't find. Make sure its path is correct, and it's best to specify an absolute path (e.g., /mnt/tank/foo/bar/cert.pem rather than ~/bar/cert.pem).
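
Added example (not part of the thread and not the project's own code): a preflight check for the settings discussed above. It applies the acme.sh default paths described earlier and flags a `~` or relative path like the one in the traceback, a host name that is not fully qualified, and, as an extra hardening check, a private key readable by group or others. The `options` dict, the function names and the `socket.gethostname()` fallback are assumptions.

```python
import os
import socket
import stat

ACME_HOME = "/root/.acme.sh"  # acme.sh default location named in the thread


def resolve_paths(options, hostname=None):
    """Apply the defaults described above; `options` is a dict of config values."""
    # Assumption: the fallback name is the system host name.
    fqdn = options.get("cert_fqdn") or hostname or socket.gethostname()
    key = options.get("privkey_path") or os.path.join(ACME_HOME, fqdn, fqdn + ".key")
    chain = options.get("fullchain_path") or os.path.join(ACME_HOME, fqdn, "fullchain.cer")
    return fqdn, key, chain


def check_file(label, path, secret=False):
    """Return a list of problems for one configured path."""
    problems = []
    if path.startswith("~"):
        # open() does not expand '~'; only a shell or os.path.expanduser() does.
        problems.append(f"{label}: '~' is not expanded, use an absolute path")
        path = os.path.expanduser(path)
    elif not os.path.isabs(path):
        problems.append(f"{label}: relative path depends on the working directory")
    if not os.path.isfile(path):
        problems.append(f"{label}: no such file: {path}")
    elif secret and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append(f"{label}: key readable by group or others, chmod 600 it")
    return problems


def preflight(options, hostname=None):
    """Check the FQDN and both file paths before a deployment run."""
    fqdn, key, chain = resolve_paths(options, hostname)
    problems = []
    if "." not in fqdn:
        problems.append(f"cert_fqdn: '{fqdn}' is not fully qualified, set cert_fqdn")
    problems += check_file("privkey_path", key, secret=True)
    problems += check_file("fullchain_path", chain)
    return problems


if __name__ == "__main__":
    # Constructed sample: the path from the traceback in this thread.
    for line in preflight({"cert_fqdn": "nas.example.com",
                           "privkey_path": "~/someone/sec/me"}):
        print(line)
```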