deploy-freenas.py is a Python script to deploy TLS certificates to a FreeNAS/TrueNAS (Core) server using the FreeNAS/TrueNAS API. This should ensure that the certificate data is properly stored in the configuration database, and that all appropriate services use this certificate. Its original intent was to be called from a Let's Encrypt client like acme.sh after the certificate is issued, so that the entire process of issuance (or renewal) and deployment can be automated. However, it can be used with certificates from any source, whether a different ACME-based certificate authority or otherwise.
This script can run on any machine running Python 3 that has network access to your FreeNAS/TrueNAS server, but in most cases it's best to run it directly on the FreeNAS/TrueNAS box. Change to a convenient directory and run `git clone https://github.com/danb35/deploy-freenas`.
The relevant configuration takes place in the `deploy_config` file. You can create this file either by copying `deploy_config.example` from this repository, or directly using your preferred text editor. Its format is as follows:

```
[deploy]
password = YourReallySecureRootPassword
cert_fqdn = foo.bar.baz
connect_host = baz.bar.foo
verify = false
privkey_path = /some/other/path
fullchain_path = /some/other/other/path
protocol = https://
port = 443
ui_certificate_enabled = false
s3_enabled = false
ftp_enabled = false
webdav_enabled = false
cert_base_name = letsencrypt
```
api_key) is optional, and the defaults are documented in
On TrueNAS (Core) 12.0 and up you should use API key authentication instead of password authentication.
Generate a new API token in the UI first, then add it as `api_key` to the config, which replaces the

```
api_key = 1-DXcZ19sZoZFdGATIidJ8vMP6dxk3nHWz3XX876oxS7FospAGMQjkOft0h4itJDSP
```
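Because `deploy_config` holds either the root password or an API key, it is worth checking before the script is wired into an ACME client. The following pre-flight check is an added example, not part of deploy-freenas; `audit_deploy_config` and the sample inputs are hypothetical names and constructed data. It assumes `verify` controls TLS certificate validation of `connect_host`, and the file-permission check is an added hardening step.

```python
import configparser
import stat

def audit_deploy_config(text, mode=None):
    """Return findings for the contents of a deploy_config file.

    mode is the file's st_mode (from os.stat); None skips the permission check.
    """
    # interpolation=None so a '%' in a password is read literally
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("deploy"):
        return ["no [deploy] section"]
    d = cp["deploy"]
    findings = []
    if d.get("password") and d.get("api_key"):
        findings.append("password and api_key both set: remove the password")
    elif d.get("password"):
        findings.append("root password stored: use api_key on TrueNAS 12.0 and up")
    elif not d.get("api_key"):
        findings.append("no credential set")
    if d.get("protocol", "").lower().startswith("http://"):
        findings.append("protocol is http://: credential is sent in cleartext")
    # Assumption: verify controls TLS certificate validation of connect_host
    if d.get("verify") is not None and not d.getboolean("verify"):
        findings.append("verify = false: server certificate is not checked")
    if mode is not None and stat.S_IMODE(mode) & 0o077:
        findings.append("file is accessible to group/other: chmod 600")
    return findings

# Constructed sample inputs (not real credentials)
SAMPLE_WEAK = """\
[deploy]
password = YourReallySecureRootPassword
connect_host = baz.bar.foo
verify = false
protocol = http://
"""
SAMPLE_OK = """\
[deploy]
api_key = 1-EXAMPLEKEYEXAMPLEKEY
verify = true
protocol = https://
"""

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("ok", SAMPLE_OK)):
        print(name, audit_deploy_config(text, mode=0o100644))
```

To check a real file, pass its contents together with `os.stat(path).st_mode`.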
Once you've prepared `deploy_config`, you can run `deploy_freenas.py`. The intended use is that it would be called by your ACME client after issuing a certificate. With acme.sh, for example, you'd add `--reloadcmd "/path/to/deploy_freenas.py"` to your command.
There is an optional parameter, `--config`, that lets you specify the path to your configuration file. By default the script will try to use `deploy_config` in the script working directory:

```
/path/to/deploy_freenas.py --config /somewhere/else/deploy_config
```