When the certificate has been downloaded locally and the reload command is executed, an error is displayed.

Question

When the certificate has been downloaded locally and the reload command is executed, an error is displayed.

Ryker97 opened this issue 10 months ago · 5 comments

When the certificate has been downloaded locally and the reload command is executed, an error is displayed.

It appears that the issue is due to the deploy_freenas.py file being unable to obtain the correct path when reloading the SSL certificate.

Answer 1 · 2023-12-30T15:57:42.000Z

It's much easier to follow if you'd paste the text of the error into the issue, rather than a screen shot. But with that said, the script constructs the default path to the private key (and certificate) using the hostname of your server. So, to correct this, you have two options:

Set the hostname of your NAS to the FQDN of the cert you're obtaining, or
Set privkey_path and fullchain_path to the appropriate values in your config file.

Once you've done either of those, you can just run deploy_freenas.py to deploy the cert; there's no need to get a new cert first.

Answer 2 · 2023-12-30T17:35:12.000Z

-----END CERTIFICATE-----
[Sun Dec 31 01:26:51 CST 2023] Your cert is in: /root/.acme.sh/truenas.hyk.plus_ecc/truenas.hyk.plus.cer
[Sun Dec 31 01:26:51 CST 2023] Your cert key is in: /root/.acme.sh/truenas.hyk.plus_ecc/truenas.hyk.plus.key
[Sun Dec 31 01:26:51 CST 2023] The intermediate CA cert is in: /root/.acme.sh/truenas.hyk.plus_ecc/ca.cer
[Sun Dec 31 01:26:51 CST 2023] And the full chain certs is there: /root/.acme.sh/truenas.hyk.plus_ecc/fullchain.cer
[Sun Dec 31 01:26:52 CST 2023] Run reload cmd: /root/deploy-freenas/deploy_freenas.py
Traceback (most recent call last):
File "/root/deploy-freenas/deploy_freenas.py", line 84, in
with open(PRIVATEKEY_PATH, 'r') as file:
^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/root/.acme.sh/TrueNAS/TrueNAS.key'
[Sun Dec 31 01:26:52 CST 2023] Reload error for :

This is the log. I don't understand why the certificate generation path includes the term "ecc."

Answer 3 · 2023-12-30T17:53:23.000Z

How to set the appropriate values of privkey_path and fullchain_path?

Answer 4 · 2023-12-30T17:55:15.000Z

root@TrueNAS[~]# /root/deploy-freenas/deploy_freenas.py
Traceback (most recent call last):
File "/root/deploy-freenas/deploy_freenas.py", line 84, in
with open(PRIVATEKEY_PATH, 'r') as file:
^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/root/.acme.sh/truenas.hyk.plus/truenas.hyk.plus.key'

I have set the hostname of my NAS to the FQDN of the cert you're obtaining, It still made a mistake.

Answer 5 · 2023-12-31T17:59:12.000Z

How to set the appropriate values of privkey_path and fullchain_path?

I'm not sure what you're asking here. The command output you've quoted shows the paths to those files. The deploy_config.example file documents how to set every option you can set. What part is unclear?