FreeBSD

Setup let’s encrypt on FreeBSD

This tutorial is about installing Let’s Encrypt, a Certificate Authority (CA) that alleviates the process of TLS/SSL certification. The TLS/SSL certification, in turn, serves as an indispensable element of HTTPS authentication on an online server. Let’s Encrypt comes with a software client named Certbot that employs automation techniques to strips the certification process of any intricate technicalities for the user’s convenience.

In this article, we’ll explain how to set up let’s Encrypt on FreeBSD and list some of the fundamentals to help you start with it.

How to install Certbot

The latest release for Certbot can be acquired by downloading and extracting the python packages. Use the pkg command as under if you're using Python 2.7:

$ pkg install py27-certbot

And if you’re using python 3.7, type in:

$ pkg install py37-certbot

The command above should install Certbot on your FreeBSD system.

Getting started with Certbot

Register Certbot

Before we begin creating certificates, we’ll need a /usr/local/etc/letsencrypt/letsencrypt.ini file for our user account. Type out the contents below in your file:

# rsa-key-size = 4096

# server = https://acme-v02.api.letsencrypt.org/directory

# email = [email protected]

# text = True

# agree-tos = True

# renew-by-default = True

# authenticator = standalone

Then issue the command below in the shell to register Certbot:

$ certbot register

Create a Certificate With Certbot

Creating a certificate with Certbot is as simple as it gets: use the standalone server for TLS/SSL authentication.

However, using the standalone server means putting your web server on hold for a few seconds. If you cannot afford to shut down the hosting service, you can create certificates with webroot.

To create a certificate with webroot, type out the following command in the shell:

$ certbot certonly -c /usr/local/etc/letsencrypt/letsencrypt.ini -d domain.tld -d www.domain.tld

Renew certifications with Certbot

The certifications can be updated automatically with Certbot. Type in the command below to update your certificates with Certbot.

$ certbot renew

Erasing certificates

Deleting certificates with certbot is very easy, as long as you know the exact name of the certificate you want to be deleted. To list all the authenticated certificate

$ certbot certificates

The screenshot below shows the likely output you’ll get out of this command:

The command syntax for deleting a certificate with certbot is:

$ certbot delete --cert-name domain.tld

The referenced certificate should be deleted with the command above.

Wrapping up

Ok, folks, this tutorial was about setting up Let’s Encrypt on a FreeBSD system and using the Certbot supervisor to automatically create, authenticate and remove TLS/SSL certificates.

Certbot can be vital for users who frequently have to update certificates themselves, manually, which can be a tedious process.

About the author

Younis Said

I am a freelancing software project developer, a software engineering graduate and a content writer. I love working with Linux and open-source software.