root@letsencrypt:~ # /root/.acme.sh/acme.sh --install-cert -d [redacted FQDN] --reloadcmd "/root/deploy-freenas/deploy_freenas.py"
[Thu Mar 16 23:00:35 EDT 2023] The domain '[redacted FQDN]' seems to have a ECC cert already, lets use ecc cert.
[Thu Mar 16 23:00:35 EDT 2023] Run reload cmd: /root/deploy-freenas/deploy_freenas.py
Traceback (most recent call last):
File "/root/deploy-freenas/deploy_freenas.py", line 22, in <module>
import requests
ModuleNotFoundError: No module named 'requests'
[Thu Mar 16 23:00:35 EDT 2023] Reload error for :
root@letsencrypt:~ #
pkg install py38-requests
should do the trick.
[Fri Mar 17 17:23:38 EDT 2023] Your cert is in: /config/[redacted FQDN]_ecc/[redacted FQDN].cer
[Fri Mar 17 17:23:38 EDT 2023] Your cert key is in: /config/[redacted FQDN]_ecc/[redacted FQDN].key
[Fri Mar 17 17:23:38 EDT 2023] The intermediate CA cert is in: /config/[redacted FQDN]_ecc/ca.cer
[Fri Mar 17 17:23:38 EDT 2023] And the full chain certs is there: /config/[redacted FQDN]_ecc/fullchain.cer
[Fri Mar 17 17:23:38 EDT 2023] Run reload cmd: /root/deploy-freenas/deploy_freenas.py --config /truenas/[redacted FQDN].conf
Traceback (most recent call last):
File "/root/deploy-freenas/deploy_freenas.py", line 84, in <module>
with open(PRIVATEKEY_PATH, 'r') as file:
FileNotFoundError: [Errno 2] No such file or directory: '/config/[redacted FQDN]/[redacted FQDN].key'
[Fri Mar 17 17:23:38 EDT 2023] Reload error for :
root@letsencrypt:/truenas #
root@letsencrypt:~/deploy-freenas # /root/.acme.sh/acme.sh --install-cert -d [redacted FQDN] --reloadcmd "/root/deploy-freenas/deploy_freenas.py"
[Fri Mar 17 18:16:59 EDT 2023] The domain '[redacted FQDN]' seems to have a ECC cert already, lets use ecc cert.
[Fri Mar 17 18:16:59 EDT 2023] Run reload cmd: /root/deploy-freenas/deploy_freenas.py
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 174, in _new_conn
conn = connection.create_connection(
File "/usr/local/lib/python3.9/site-packages/urllib3/util/connection.py", line 95, in create_connection
raise err
File "/usr/local/lib/python3.9/site-packages/urllib3/util/connection.py", line 85, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 61] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 703, in urlopen
httplib_response = self._make_request(
File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 398, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 239, in request
super(HTTPConnection, self).request(method, url, body=body, headers=headers)
File "/usr/local/lib/python3.9/http/client.py", line 1285, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/local/lib/python3.9/http/client.py", line 1331, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.9/http/client.py", line 1280, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.9/http/client.py", line 1040, in _send_output
self.send(msg)
File "/usr/local/lib/python3.9/http/client.py", line 980, in send
self.connect()
File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 205, in connect
conn = self._new_conn()
File "/usr/local/lib/python3.9/site-packages/urllib3/connection.py", line 186, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x8026083d0>: Failed to establish a new connection: [Errno 61] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 489, in send
resp = conn.urlopen(
File "/usr/local/lib/python3.9/site-packages/urllib3/connectionpool.py", line 787, in urlopen
retries = retries.increment(
File "/usr/local/lib/python3.9/site-packages/urllib3/util/retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='localhost', port=80): Max retries exceeded with url: /api/v2.0/certificate/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x8026083d0>: Failed to establish a new connection: [Errno 61] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/root/deploy-freenas/deploy_freenas.py", line 93, in <module>
r = session.post(
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 635, in post
return self.request("POST", url, data=data, json=json, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python3.9/site-packages/requests/adapters.py", line 565, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='localhost', port=80): Max retries exceeded with url: /api/v2.0/certificate/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x8026083d0>: Failed to establish a new connection: [Errno 61] Connection refused'))
[Fri Mar 17 18:17:00 EDT 2023] Reload error for :
I wouldn't expect it to be related to the python version. You're sure you've entered the right IP or hostname and port in deploy_config?
Or is connection refused something unrelated to the version of python?
[deploy]
api_key = [redacted API key]
# Configuration file for deploy_freenas.py
# Choose one of the following authentication methods, "api_key" or "password" (comment out the other one).
# Auth via API keys is highly recommended, but is only available from TrueNAS (Core) 12.0 up.
# You can generate a new API key in the web interface under "Settings" (upper right) > "API Keys".
# api_key = YourNewlyGeneratedAPIKey#@#$*
# If you are on FreeNAS 11 or lower, set this to your FreeNAS root password
# password = YourSuperSecurePassword#@#$*
# Everything below here is optional
# cert_fqdn specifies the FQDN used for your certificate. Default is your system hostname
# cert_fqdn = foo.bar.baz
# connect_host specifies the hostname the script should attempt to connect to, to deploy the cert.
# Default is localhost (assuming the script is running on your FreeNAS box)
# connect_host = baz.bar.foo
# verify sets whether the script will attempt to verify the server's certificate with a HTTPS
# connection. Set to true if you're using a HTTPS connection to a remote host. If connect_host
# is set to localhost (or is unset), set to false. Default is false.
# verify = false
# privkey_path is the path to the certificate private key on your system. Default
# assumes you're using acme.sh:
# /root/.acme.sh/cert_fqdn/cert_fqdn.key
privkey_path = /config/[FQDN]_ecc/[FQDN].key
# fullchain_path is the path to the full chain (leaf cert + intermediate certs)
# on your system. Default assumes you're using acme.sh:
# /root/.acme.sh/cert_fqdn/fullchain.cer
fullchain_path = /config/[FQDN]_ecc/fullchain.cer
# protocol sets the connection protocol, http or https. Include '://' at the end.
# Default is http
# protocol = https://
# port sets the port to use to connect. Default is 80. If protocol is https,
# this MUST be set to your https port.
# port = 443
# set ui_certificate_enabled to false if you want to skip using the new certificate for the UI. Default is true.
# ui_certificate_enabled = false
# set s3_enabled to true if you have the S3 service enabled on your FreeNAS. Default is false.
# s3_enabled = true
# set ftp_enabled to true if you have the FTP service enabled on your FreeNAS. Default is false.
# ftp_enabled = true
# set webdav_enabled to true if you have the WEBDAV service enabled on your FreeNAS. Default is false.
# webdav_enabled = true
# set apps_enabled to true if you want to update your TrueNAS SCALE chart applications to use the new certificate. Default is false.
# apps_enabled = true
# only update TrueNAS SCALE chart applications where the san of the current and the new cert matches. Default is false.
#apps_only_matching_san = true
# Certificates will be given a name with a timestamp, by default it will be
# letsencrypt-yyyy-mm-dd-hhmmss. You can change the first part if you like.
# cert_base_name = something_else
If you're running this script in a jail, you need to set connect_host to point to your TrueNAS instance.
I didn't spec an IP
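The checks discussed in this thread can be run against a deploy_config before acme.sh calls the reload command. The following is an added example, not part of the thread or of the deploy_freenas project: the function name `audit_deploy_config`, the finding codes and the sample values are hypothetical, and the defaults (localhost, http, port 80, verify false) are taken from the config comments quoted above.

```python
import configparser
import os

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample: same keys as the thread's config, placeholder values.
SAMPLE = """\
[deploy]
api_key = PLACEHOLDER-NOT-A-REAL-KEY
privkey_path = /config/nas.example.test_ecc/nas.example.test.key
fullchain_path = /config/nas.example.test_ecc/fullchain.cer
"""

def audit_deploy_config(text, check_files=True):
    """Return (code, message) findings for a deploy_freenas.py [deploy] section."""
    cp = configparser.ConfigParser(interpolation=None)  # secrets may contain '%'
    cp.read_string(text)
    d = cp["deploy"]
    # Defaults as documented in the config comments quoted in the thread.
    host = d.get("connect_host", "localhost").strip()
    proto = d.get("protocol", "http://").strip().lower()
    port = d.get("port", "80").strip()
    verify = d.getboolean("verify", fallback=False)
    out = []
    if host.lower() in LOCAL_HOSTS:
        out.append(("LOCAL_HOST", f"API calls go to {host}:{port}; inside a jail "
                    "that is the jail itself, so expect 'Connection refused'"))
    elif proto == "http://":
        out.append(("CLEARTEXT", "api_key/password are sent to "
                    f"{host} over unencrypted http"))
    elif proto == "https://" and not verify:
        out.append(("NO_VERIFY", f"https to {host} without certificate "
                    "verification; set verify = true"))
    if proto == "https://" and port == "80":
        out.append(("PORT", "protocol is https but port is still the default 80"))
    if check_files:
        for key in ("privkey_path", "fullchain_path"):
            path = d.get(key)
            if path and not os.path.isfile(path):
                out.append(("MISSING", f"{key} does not exist: {path}"))
            elif path and key == "privkey_path" and os.stat(path).st_mode & 0o077:
                out.append(("KEY_PERMS", f"{path} is readable by group/other"))
    return out

if __name__ == "__main__":
    for code, msg in audit_deploy_config(SAMPLE):
        print(f"{code}: {msg}")
```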