letsencrypt.sh with nginx on FreeBSD 11

Installing letsencrypt.sh from the ports tree is a one-liner (the project and its FreeBSD port have since been renamed dehydrated; the workflow below is unchanged):

cd /usr/ports/security/letsencrypt.sh/ && make install clean

Let's have a look at the defaults letsencrypt.sh uses when no config file is present:

/usr/local/bin/letsencrypt.sh --env
# letsencrypt.sh configuration
#
# !! WARNING !! No main config file found, using default config!
#
declare -- CA="https://acme-v01.api.letsencrypt.org/directory"
declare -- LICENSE="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
declare -- CHALLENGETYPE="http-01"
declare -- HOOK=""
declare -- HOOK_CHAIN="no"
declare -- RENEW_DAYS="30"
declare -- ACCOUNT_KEY="/usr/local/bin/private_key.pem"
declare -- ACCOUNT_KEY_JSON="/usr/local/bin/private_key.json"
declare -- KEYSIZE="4096"
declare -- WELLKNOWN="/usr/local/bin/.acme-challenges"
declare -- PRIVATE_KEY_RENEW="yes"
declare -- OPENSSL_CNF="/etc/ssl/openssl.cnf"
declare -- CONTACT_EMAIL=""
declare -- LOCKFILE="/usr/local/bin/lock"

Two things are worth noticing before going on. Because no config file was found, every path is derived from the directory the script itself lives in, so the ACME account key, the challenge directory, the lock file and (as the vhost below shows) the issued certificates and private keys all land in /usr/local/bin. That is a poor home for private key material; on a real host, create the config file the warning refers to and point it at a dedicated directory that only root can read. Second, CA points at the ACME v1 directory, which Let's Encrypt retired in 2021; a current client (dehydrated) talks to the v2 endpoint by default, but the rest of this page applies unchanged.

Next, update the nginx configuration. The directory named by WELLKNOWN above must exist, must be writable by the user running letsencrypt.sh (it drops the challenge token there) and must be readable by the user nginx runs as (www on FreeBSD). In the configuration file vhost/.... for this domain add the following location, which serves the token back to the Let's Encrypt validation server over plain HTTP:

server {
    listen ......

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        # this directory must exist and must be identical to WELLKNOWN:
        alias /usr/local/bin/.acme-challenges/;
    }
    ...
}

Restart nginx to make the adjustment active:

service nginx restart

Generate the certificate as follows:

/usr/local/bin/letsencrypt.sh --cron --domain www.lf24.com --challenge http-01
#
# !! WARNING !! No main config file found, using default config!
#
Processing www.lf24.com
 + Signing domains...
 + Generating private key...
 + Generating signing request...
 + Requesting challenge for www.lf24.com...
 + Responding to challenge for www.lf24.com...
 + Challenge is valid!
 + Requesting certificate...
 + Checking certificate...
 + Done!
 + Creating fullchain.pem...
 + Done!

The private key and fullchain.pem end up under /usr/local/bin/certs/www.lf24.com/, which are the paths the vhost below references. The same --cron invocation is what you run from cron later on: it only renews a certificate that has fewer than RENEW_DAYS (30) days left, and because PRIVATE_KEY_RENEW is "yes" every renewal also generates a fresh private key, so nginx has to be reloaded after each successful run (this is what the HOOK variable is for).

Last but not least, update your webserver's vhost file:

server {
    listen 80;
    listen 443 ssl http2;
    server_name www.lf24.com;
    client_max_body_size 10M;     # max size for uploading image files
    client_body_buffer_size 10M;  # ava 20160501
    index index.php;
    server_tokens off;

    # No "ssl on;" here: that directive applies to every listener in the block,
    # so the port 80 listener would answer all plain HTTP requests (including
    # the ACME challenge) with "400 The plain HTTP request was sent to HTTPS
    # port". The "ssl" parameter on the 443 listen line is what enables TLS;
    # "ssl on;" is deprecated in nginx anyway.
    ssl_certificate /usr/local/bin/certs/www.lf24.com/fullchain.pem;
    # readable by root only; the nginx master process reads it before dropping privileges
    ssl_certificate_key /usr/local/bin/certs/www.lf24.com/privkey.pem;
    # only consulted when ssl_stapling is enabled or client certificates are verified
    ssl_trusted_certificate /usr/local/bin/certs/www.lf24.com/fullchain.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;

    # ... rest of the vhost (the acme-challenge location from above, PHP handling, etc.)
}
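Since every renewal produces a new private key, the running nginx has to pick up the new files or it will keep serving the old certificate until someone restarts it by hand. letsencrypt.sh calls the script named in HOOK for that. The script below is an added example, not part of the original page and not shipped with letsencrypt.sh: it assumes the hook is invoked as hook.sh <handler> <args...> with deploy_cert receiving DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE (as in the project's hook example), that it is installed as /usr/local/etc/letsencrypt.sh/hook.sh (an assumed path), and the NGINX_TEST and NGINX_RELOAD variables are our own knobs so the logic can be exercised without an nginx on the box. It refuses to reload when a file is missing or the config does not parse, and it clamps the private key to mode 0600 regardless of the umask the run used.

```shell
#!/bin/sh
# hook.sh: example HOOK for letsencrypt.sh (added example, not the project's own code).
# letsencrypt.sh invokes it as:  hook.sh <handler> <args...>
# For handler "deploy_cert" the arguments are (assumed from the project's hook example):
#   DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE [TIMESTAMP]
# Install path and the HOOK= line in the config file are assumptions:
#   HOOK="/usr/local/etc/letsencrypt.sh/hook.sh"
# Renewal then runs unattended from root's crontab, e.g.:
#   0 3 * * *  /usr/local/bin/letsencrypt.sh --cron

# Commands live in variables (expanded unquoted on purpose, so "nginx -t" splits
# into a command and its argument) so they can be substituted when testing.
NGINX_TEST="${NGINX_TEST:-nginx -t}"
NGINX_RELOAD="${NGINX_RELOAD:-service nginx reload}"

deploy_cert() {
    local domain keyfile certfile fullchain chain f
    domain="$1"; keyfile="$2"; certfile="$3"; fullchain="$4"; chain="$5"

    # Refuse to touch nginx if any file letsencrypt.sh claims to have written
    # is missing or empty: a half-written deploy must never be activated.
    for f in "$keyfile" "$certfile" "$fullchain" "$chain"; do
        if [ ! -s "$f" ]; then
            echo "hook: $domain: missing or empty $f, not reloading" >&2
            return 1
        fi
    done

    # The private key is read by the nginx master process as root; nobody else
    # needs it, so strip group/world access whatever the creator's umask was.
    chmod 0600 "$keyfile" || return 1

    # Never reload on a config that does not parse: the old workers would keep
    # running, but the breakage would only surface at the next restart.
    if ! $NGINX_TEST; then
        echo "hook: $domain: nginx config test failed, not reloading" >&2
        return 1
    fi
    $NGINX_RELOAD
}

hook_main() {
    local handler
    handler="$1"
    shift
    case "$handler" in
        deploy_cert)
            deploy_cert "$@"
            ;;
        deploy_challenge|clean_challenge)
            # http-01 tokens are served straight out of WELLKNOWN through the
            # nginx alias above, so there is nothing to do here.
            ;;
        *)
            # unchanged_cert, exit_hook and any newer handlers: no-op
            ;;
    esac
}

# Run the dispatcher only when invoked with arguments (letsencrypt.sh always
# passes at least the handler name), so sourcing the file is harmless.
if [ "$#" -gt 0 ]; then
    hook_main "$@"
fi
```

HOOK_CHAIN is "no" in the defaults above, so the hook is called once per domain with exactly these arguments. The reload is the only step that must happen on every renewal; the file checks and the chmod are there because a cron job nobody watches is exactly where a silently failed deploy or a world-readable key goes unnoticed for months.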


Published: May 6, 2019
