When the certificate has been downloaded locally and the reload command is executed, an error is displayed.

danb35 / deploy-freenas

Python script to automate deploying TLS certificates to FreeNAS servers

GNU General Public License v3.0

203 stars 56 forks source link

When the certificate has been downloaded locally and the reload command is executed, an error is displayed. #69

Closed Ryker97 closed 11 months ago

Ryker97 commented 11 months ago

When the certificate has been downloaded locally and the reload command is executed, an error is displayed. issue It appears that the issue is due to the deploy_freenas.py file being unable to obtain the correct path when reloading the SSL certificate.

danb35 commented 11 months ago

It's much easier to follow if you'd paste the text of the error into the issue, rather than a screen shot. But with that said, the script constructs the default path to the private key (and certificate) using the hostname of your server. So, to correct this, you have two options:

Set the hostname of your NAS to the FQDN of the cert you're obtaining, or
Set privkey_path and fullchain_path to the appropriate values in your config file.

Once you've done either of those, you can just run deploy_freenas.py to deploy the cert; there's no need to get a new cert first.

Ryker97 commented 11 months ago

-----END CERTIFICATE----- [Sun Dec 31 01:26:51 CST 2023] Your cert is in: /root/.acme.sh/truenas.hyk.plus_ecc/truenas.hyk.plus.cer [Sun Dec 31 01:26:51 CST 2023] Your cert key is in: /root/.acme.sh/truenas.hyk.plus_ecc/truenas.hyk.plus.key [Sun Dec 31 01:26:51 CST 2023] The intermediate CA cert is in: /root/.acme.sh/truenas.hyk.plus_ecc/ca.cer [Sun Dec 31 01:26:51 CST 2023] And the full chain certs is there: /root/.acme.sh/truenas.hyk.plus_ecc/fullchain.cer [Sun Dec 31 01:26:52 CST 2023] Run reload cmd: /root/deploy-freenas/deploy_freenas.py Traceback (most recent call last): File "/root/deploy-freenas/deploy_freenas.py", line 84, in with open(PRIVATEKEY_PATH, 'r') as file: ^^^^^^^^^^^^^^^^^^^^^^^^^^ FileNotFoundError: [Errno 2] No such file or directory: '/root/.acme.sh/TrueNAS/TrueNAS.key' [Sun Dec 31 01:26:52 CST 2023] Reload error for :

This is the log. I don't understand why the certificate generation path includes the term "ecc."

Ryker97 commented 11 months ago

How to set the appropriate values of privkey_path and fullchain_path?

Ryker97 commented 11 months ago

root@TrueNAS[~]# /root/deploy-freenas/deploy_freenas.py Traceback (most recent call last): File "/root/deploy-freenas/deploy_freenas.py", line 84, in with open(PRIVATEKEY_PATH, 'r') as file: ^^^^^^^^^^^^^^^^^^^^^^^^^^ FileNotFoundError: [Errno 2] No such file or directory: '/root/.acme.sh/truenas.hyk.plus/truenas.hyk.plus.key'

I have set the hostname of my NAS to the FQDN of the cert you're obtaining, It still made a mistake.

danb35 commented 11 months ago

How to set the appropriate values of privkey_path and fullchain_path?

I'm not sure what you're asking here. The command output you've quoted shows the paths to those files. The deploy_config.example file documents how to set every option you can set. What part is unclear?