FreeBSD versus

I’m using this page as a guide:

I have some confusion between the files

From the webpage:

The second is to add this script to the /usr/local/etc/periodic/weekly directory.
The Script
There is already a sample script included when you install this package added by the wonderful port maintainer. It works pretty well, but with the configuration we did with nginx and acme-client, we can forego some of the complexity.
Here’s is the script that I use:
#!/bin/sh -e
ACME_FLAGS="-v -e -m -b -n -N"
cat “${DOMAINSFILE}” | while read domain line ; do
set +e # RC=2 when time to expire > 30 days
acme-client ${ACME_FLAGS} ${domain} ${line}
set -e
[ $RC -ne 0 -a $RC -ne 2 ] && exit $RC

However this script is basically
which is not

Then later in the webpage

The Weekly Run
It’s not too bad to run this manually every couple of weeks, but it’s better to let the machine do the work for you. This can be automated by adding a script to the /usr/local/etc/periodic/weekly. The maintainers have included another awesome sample file here called You don’t actually need to edit anything in this file, it’s good as is.

Now running

acme-client: /usr/local/etc/acme/ account key exists (not creating)
acme-client: /usr/local/etc/ssl/acme/private/ domain key exists (not creating)
acme-client: adding SAN:
acme-client: /usr/local/etc/ssl/acme/ certificate valid: 86 days left
acme-client: /usr/local/etc/acme/ account key exists (not creating)
acme-client: /usr/local/etc/ssl/acme/private/ domain key exists (not creating)
acme-client: /usr/local/etc/ssl/acme/ certificate valid: 86 days left

Looks ok since I had one successful run.

Now running
with a few “echo” statements tossed in to track the flow:


if [ -r /etc/defaults/periodic.conf ]
    . /etc/defaults/periodic.conf
    echo "flag 1"

export PATH

case "$weekly_acme_client_enable" in
        echo "flag 2"
        echo "Checking Let's Encrypt certificate status:"

        if [ -x "$weekly_acme_client_renewscript" ] ; then
                : ${weekly_acme_client_args:="-b"}
                echo "flag 3"
                if [ -z "$weekly_acme_client_domains" ] ; then
echo "flag 4"
                        weekly_acme_client_domains=$(hostname -f)
                        echo "Using hostname: $weekly_acme_client_domains"
                if [ -n "$weekly_acme_client_challengedir" ] ; then
echo "flag 5"
                        weekly_acme_client_args="$weekly_acme_client_args -C $weekly_acme_client_challengedir"
                /usr/local/bin/acme-client $weekly_acme_client_args $weekly_acme_client_domains

        if [ -n "$weekly_acme_client_deployscript" ] ; then
                if [ -x "$weekly_acme_client_deployscript" ] ; then
                        echo "Deploying Let's Encrypt certificates:"
                        echo 'Skipped, deploy script does not exist or is not executable'


flag 1
flag 2

Checking Let’s Encrypt certificate status:
flag 3
flag 4
Using hostname: peets
flag 5
acme-client: /usr/local/etc/ssl/acme/private/privkey.pem: -k file must exist
acme-client: /usr/local/etc/acme/privkey.pem: -f file must exist
Skipped, deploy script does not exist or is not executable

Seems to me that if
was placed in
would do the trick.

see freebsd plugin:

I got a message in my email from Seth Schoen which didn’t show up here. He said daily requests are suggested.

How does this sound. Since /usr/local/etc/acme/ seems to do the job, why not just make that a daily chron job and call it a day. That is skip the week 000.acme script.

Let is more.

My reply was in a different thread on this forum, but it’s public:

Before this expires, are you OK with the daily cron on the /usr/local/etc/acme/ It seems to work, but I haven't reached renewal yet which is the acid test.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.