Configuring OpenLDAP for TLS on FreeBSD 12

My domain is:

My operating system is: FreeBSD 12

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.39.0

I am trying to configure OpenLDAP on a FreeBSD 12 machine. According to the directions from FreeBSD, I need to enter this information into the ‘slapd.conf’ file:

security ssf=128
TLSCertificateFile /path/to/your/cert.crt
TLSCertificateKeyFile /path/to/your/cert.key
TLSCACertificateFile /path/to/your/cacert.crt

Mt question is, what files am I supposed to use? I have a ‘cert.pem’, a ‘chain.pem’, a ‘fullchain.pem’ and a ‘privkey.pem’ located in my letsencrypt directory. I am not sure what keys translate to the ones requested?


Hi @Gerard

that should work:

cert.crt -> cert.pem
cert.key -> privkey.pem
cacert.crt -> chain.pem

fullchain.pem contains cert.pem and chain.pem, so it’s not required.

1 Like

Hi @Gerard,

Here’s a doc that may help.


I am getting a:

Service Unavailable

The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.

I will try again later.

Me too now. It turns out that about 3 requests killed that website. :sob:

Have you tried a config like this?

TLSCACertificateFile /etc/letsencrypt/live/
TLSCertificateFile /etc/letsencrypt/live/
TLSCertificateKeyFile /etc/letsencrypt/live/

According to you’ll need to grant privileges for the system ldap user.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.