Configuring Let's Encrypt on Turnkey Truenas Server

Hey

I was trying to access my nextcloud server through the internet, and the LE cert has expired. I had auto-renewal enabled, but it has not worked. When I tried to fix the issue today, I could not get either the HTTP01 or DNS01 option to work.

This server is installed with Turnkey Truenas-VM image on my Truenas Scale


I would prefer to get it working through the API-option. There is working network access to the server and I can access the server through the internet, but due to the certification expiration, I cannot use it.

Any ideas?
Thanks for taking the time

Got this resolved via passing through the PORT80 on my router and got it working again after running OS security update script from the host OS console. (confconsole)

1 Like

Can you still reach it on http?
Can you ssh in to it?

sudo certbot renew

gives what kind of errors?

Yeah, over HTTP and HTTPS over the LAN

Yes, I have


And there is no such command on the CLI interface as Certbot
But I already got the actual deployment back up and running over my reverse proxy/port forwarding setup I am running.

Thanks @Mongoosh for taking the time

1 Like

You're already root

certbot renew

(sudo means super user do; when you're already root there is no point)

Certbot is the tool of Let's Encrypt. This should at least renew your certification.

With security in mind, it's a bad thing to have ssh remote root access enabled. It's better practice to have a user in the sudo-er group and sudo the commands.

2 Likes


Looks like the Turnkey devs have not implemented it properly then. But I got it working through their configuration console over the SSH-connection.

And the SSH is not available to be accessed over the public networks, just my LAN due to my port forward implementation. I :sweat_smile: should know that much, even though that user at least has a strong password

Thanks for the tip, I have that practise implemented on the hypervisor and other such platforms. I sadly have not had the time to sanitize that specific VM console. So far I have had a strong enough password on that user that I have not seen it worth it to take the time to securely implement the levels of access. And that VM’s root user gets used only when I have to do maintenance to that VM :sweat_smile:

1 Like

And I am also at the point where I will have to make major changes to my current LAB/production stack due to some hardware changes. But I will try to work on implementing non-root maintenance-users

You're kinda running into systems running into systems. And those systems are preconfigured by other people.

this should do the trick

1 Like