Recommendation on certbot cert(s) in multiple FreeNAS jails

I’m stuck on a noobie question with regard to setting up certificates with multiple FreeNAS jails. A cookbook on installing Nextcloud described the use of certbot and the cron job to perform the cert renewal, which generally makes sense. However, I realize I would also like to use certs for other jails (such as a Plex media server jail that I’ve already set up). I have a domain set up with DuckDNS and route the jail IPs/ports to ports exposed through my router’s port forwarding.

What I don’t understand is whether I want to set up a single jail to perform the cert renewal and have the certs in a common location available to all jails, or if each jail should perform its own cert creation/renewal. In the latter case, the domain used in the certbot requests would be the same for each jail, since this would just be the mysubdomain.duckdns.org which maps to my router. I’m not sure how the Let’s Encrypt service would behave with multiple jails making cert requests to the same domain, so my guess would be the single set of certs shared between jails is the appropriate answer.

Forgive me if the question itself seems like I don’t know what I’m talking about, since I freely admit… I don’t know what I’m talking about. Any pointers on the valid, easiest and appropriately secure method to set up a shared cert or multiple jail-centric certs are appreciated. I think I can then find references on the appropriate way to use the certs with the specific services running in each jail.

Thank you!

You can only issue 5 certificates for the same exact set of domain names in one week due to rate limits, so you probably want to share certificates.

If the domain names were different for each jail there wouldn't be any particular reason to prefer one method over the other.

Great. Thank you. This validates that my thoughts were even coherent with these proposals. I think I’ll share the cert between jails. This seems like the cleanest implementation. Thanks again.
