letsencrypt-logo-largeThanks to this tutorial by user BernardSpil, we can get LetsEncrypt running on FreeBSD. Follow the link below for the full instructions.

Started this as I felt that the standard LetsEncrypt client was way too fat and had too many dependencies to be allowed to run as root. Even though this is all pretty basic stuff, I decided to document it here.

Guide changed to use the security/letsencrypt.sh port

The original guide can be found in the lower half of this document.

Some notes on the configuration of my setup

  1. All services accessible from the internet run in jails (all jails reside in /usr/jails by default on FreeBSD)

  2. I use LibreSSL (LibreSSL port)

  3. I use The Z Shell (zsh port)

Things that don’t need to run as root will be running as an unprivileged user. I will use the user _letsencrypt with group _letsencrypt as the unprivileged user that will perform the certificate renewal process. Deployment of the keys and certificates will have to be executed with a privileged user, this guide uses root.

Install Letsencrypt.sh

The port is available in the ports tree. Install it using the official pkg repository using….

Full tutorial: https://wiki.freebsd.org/BernardSpil/LetsEncrypt