== certbot ==
[[https://josh-weatherly.com/2018/08/freebsd-ssl-apache-lets-encrypt-certbot/]]

[[https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-freebsd-12-0]]
   
====== Apache with Let's Encrypt ======

<code bash>
pkg install -y py39-certbot py39-certbot-apache
</code>
<code bash>
echo 'weekly_certbot_enable="YES"' >> /etc/periodic.conf
</code>

<code bash>
echo "LoadModule ssl_module libexec/apache24/mod_ssl.so" >> /usr/local/etc/apache24/Includes/httpd.conf
echo "LoadModule rewrite_module libexec/apache24/mod_rewrite.so" >> /usr/local/etc/apache24/Includes/httpd.conf
</code>

<code bash>ee /usr/local/etc/apache24/Includes/your_domain.com.conf</code>
<code bash>
<VirtualHost *:80>
#    ServerAdmin your_email@your_domain.com
    DocumentRoot "/usr/local/www/apache24/data/"
    ServerName your_domain.com
#    ServerAlias www.your_domain.com
<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/usr/local/www/apache24/cgi-bin/"
</IfModule>
<IfModule !alias_module>
    DirectoryIndex index.html
</IfModule>

</VirtualHost>

</code>

<code bash>
service apache24 restart
</code>
<code bash>
certbot --apache -d your-domain -d www.your-domain
</code>
<code bash>
certbot renew --dry-run
</code>

<code bash></code>
<code bash>certbot certificates</code>
<code bash>Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: my.example.ua
    Serial Number: 3d3578a221edc86906c4eeee76bdefeed23
    Key Type: RSA
    Domains: my.example.ua
    Expiry Date: 2022-04-30 22:19:36+00:00 (VALID: 89 days)
    Certificate Path: /usr/local/etc/letsencrypt/live/my.example.ua/fullchain.pem
    Private Key Path: /usr/local/etc/letsencrypt/live/my.example.ua/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
</code>
<code bash>certbot certificates -d my.example.ua</code>

For Zabbix monitoring on FreeBSD

[[https://github.com/lightvik/zabbix-templates/blob/master/LE-certificates-information/le-certificates.sh]]

<code bash>certbot certificates | grep Certificate\ Name | awk '{ print $3 }'</code>

===== fix =====

if error with shared library
  freebsd-version -uk
  
  freebsd-upgrade fetch

  freebsd-upgrade install

  shutdown -r now
  freebsd-upgrade install

if error in python
  curl https://sh.rustup.rs -sSf | sh 
  make symlinks from $HOME/.cargo/bin to /usr/local/bin

  or export CRYPTOGRAPHY_DONT_BUILD_RUST=1 

  pip install --upgrade cryptography 
  pip install --upgrade pyOpenSSL > 22.1

  pip install --upgrade pip pyOpenSSL cryptography

  certbot certificates