The SSL certificate for my company domain (apeconsulting.co.uk) was due to expire at the beginning of June and was slightly out of kilter with my other certificates.  They are all Let’s Encrypt ones and are created using Certbot in a jail on my FreeNAS server, but for some reason Certbot had decided it doesn’t want to work anymore, which was one of the main reasons for updating my FreeNAS server.  So after the upgrade, I had to decide whether to rebuild my NGINX proxy server (which I used for running Certbot) or to build a jail just for running Certbot and maintaining the certificates.

I went to a new jail, as I thought the process would be easier and it keeps things nice and neat from an update perspective.  It’s easy enough to mount a folder in the Certbot jail into the NGINX proxy jail, and then edit the nginx.conf files to point to the files there.  Setting up the jail was a piece of cake (other than naming it ssh instead of SSL, but I’ll live with that for now as you can’t rename jails!) – pkg install py27-certbot – but I think I made hard work again of creating all the certificates.

I ended up using a manual process where I needed to ensure an acme-challenge file was accessible on my websites, and also created individual certificates when I suspect these could be covered off with one.  I do need to spend some time reading the documentation for Let’s Encrypt and Certbot before the middle of August when they’ll all expire again.  It should be something I can just auto-renew, but I suspect manually creating them doesn’t allow for that with the current version.

Anyway, thought I’d share how I wasted a few hours this afternoon 😉
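
On the auto-renew question above: Certbot records the plugin used for each certificate in a per-certificate renewal file, and one issued with the manual plugin and no auth hook cannot be renewed unattended by certbot renew. The following is an added example, not code from the original post, that audits such files; the sample file contents, domain names, paths and hook script are constructed for illustration.

```python
import configparser

# Constructed sample renewal files (not from the original post). Certbot keeps
# one per certificate under <config-dir>/renewal/; names and paths are made up.
SAMPLE_CONFS = {
    "site-a.example.conf": (
        "version = 0.14.0\n"
        "cert = /usr/local/etc/letsencrypt/live/site-a.example/cert.pem\n"
        "[renewalparams]\n"
        "authenticator = manual\n"
        "pref_challs = http-01,\n"
    ),
    "site-b.example.conf": (
        "version = 0.14.0\n"
        "[renewalparams]\n"
        "authenticator = webroot\n"
        "webroot_path = /usr/local/www/site-b,\n"
    ),
    "site-c.example.conf": (
        "version = 0.14.0\n"
        "[renewalparams]\n"
        "authenticator = manual\n"
        "manual_auth_hook = /usr/local/bin/acme-auth.sh\n"  # hypothetical hook
    ),
}

def parse_renewal_conf(text):
    """Return the [renewalparams] section of a renewal file as a dict."""
    parser = configparser.ConfigParser(interpolation=None)
    # Renewal files begin with section-less keys, which configparser rejects,
    # so park them under a dummy section header.
    parser.read_string("[lineage]\n" + text)
    if not parser.has_section("renewalparams"):
        return {}
    return dict(parser["renewalparams"])

def renewal_status(params):
    """Classify one certificate by how it was issued."""
    auth = params.get("authenticator", "").strip()
    hook = params.get("manual_auth_hook", "").strip()
    if not auth:
        return "unknown"
    # Defensive: treat a literal "None" value as "no hook configured".
    if auth == "manual" and hook in ("", "None"):
        return "needs-manual-renewal"
    return "auto-renewable"

def audit(confs):
    """Map each renewal file name to its renewal status."""
    return {n: renewal_status(parse_renewal_conf(t)) for n, t in sorted(confs.items())}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_CONFS).items():
        print(f"{name}: {status}")
```

To run it against real files, read each *.conf in the renewal directory into the dict passed to audit().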