In this article, we’ll explain how to set up let’s Encrypt on FreeBSD and list some of the fundamentals to help you start with it.
How to install Certbot
The latest release for Certbot can be acquired by downloading and extracting the python packages. Use the pkg command as under if you're using Python 2.7:
And if you’re using python 3.7, type in:
The command above should install Certbot on your FreeBSD system.
Getting started with Certbot
Before we begin creating certificates, we’ll need a /usr/local/etc/letsencrypt/letsencrypt.ini file for our user account. Type out the contents below in your file:
# server = https://acme-v02.api.letsencrypt.org/directory
# email = firstname.lastname@example.org
# text = True
# agree-tos = True
# renew-by-default = True
# authenticator = standalone
Then issue the command below in the shell to register Certbot:
Create a Certificate With Certbot
Creating a certificate with Certbot is as simple as it gets: use the standalone server for TLS/SSL authentication.
However, using the standalone server means putting your web server on hold for a few seconds. If you cannot afford to shut down the hosting service, you can create certificates with webroot.
To create a certificate with webroot, type out the following command in the shell:
Renew certifications with Certbot
The certifications can be updated automatically with Certbot. Type in the command below to update your certificates with Certbot.
Deleting certificates with certbot is very easy, as long as you know the exact name of the certificate you want to be deleted. To list all the authenticated certificate
The screenshot below shows the likely output you’ll get out of this command:
The command syntax for deleting a certificate with certbot is:
The referenced certificate should be deleted with the command above.
Ok, folks, this tutorial was about setting up Let’s Encrypt on a FreeBSD system and using the Certbot supervisor to automatically create, authenticate and remove TLS/SSL certificates.
Certbot can be vital for users who frequently have to update certificates themselves, manually, which can be a tedious process.