letsencrypt setup on freebsd

Valeri Galtsev galtsev at kicp.uchicago.edu
Mon Dec 19 17:55:18 UTC 2016

On Mon, December 19, 2016 11:32 am, David Mehler wrote:
> Hello,
> How did you get letsencrypt set up on FreeBSD? The more I'm reading
> the more confusing I'm finding it.

Here is what I did (followed mostly these two docs):

# https://letsencrypt.org/getting-started/
# https://certbot.eff.org/#freebsd-apache

pkg install py27-certbot

certbot certonly --webroot -w /usr/local/www/apache24/data -d

#  Note, that /usr/local/www/apache24/data is webroot of running webserver
serving [your_domain_name].org

#Certificate and chain have been saved at:


# Now, note that you have to set cron job to renew them as certs
# expire after 90 days...

# Configure apache

vi /usr/local/etc/apache24/extra/httpd-ssl.conf



# and restart apache now.

# note that there are symlinks:
# ls -l /usr/local/etc/letsencrypt/live/[your_domain_name].org/
# and here where actual files are
# cd /usr/local/etc/letsencrypt/archive/[your_domain_name].org

# check that renew certificate script works

/usr/local/bin/certbot renew --dry-run

# it only reports about renewing

# To not miss the renewal moment, set cronjob twice a day:

#crontab -e
#27 1,13 * * * /usr/local/bin/certbot renew --quiet

# Note that for cron job to work you have to have cron daemon running
# I hit this snag as all the above I actually have inside the jail
# that runs that service for .org domain I support for on of our projects.

# Alternatively you can set cron job outside jail, something like this:

crontab -e
27 1,13 * * * /usr/sbin/jexec `/usr/sbin/jls | /usr/bin/grep
[your_domain_name_or_rather_jail_name] | /usr/bin/awk '{ print $1 }'`
/usr/local/bin/certbot renew --quiet

And that should be it.

Good luck!


> Thanks.
> Dave.

Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247

More information about the freebsd-questions mailing list