download: https://github.com/Neilpang/acme.sh/
pkg install security/acme.sh
Once you generate certificates on freebsd they will be saved in /var/db/acme/example.com and named the following:
- Certificate: example.com.cer
- Certificate key: example.com.key
- Intermediate CA certificate: ca.cer
- Full chain certificates: fullchain.cer
See below for how to generate them depending on your server setup.
Change ownership temporarily to the acme user and group, then as the acme user, generate the certificates for your site.
chown acme:acme /srv/http/your-web-site-dir
su acme
acme.sh --issue -d www.example.com -w /usr/local/www/your-web-site-dir
Restore ownership back to whatever user it was.
chown www:www /usr/local/www/your-web-site-dir
Install socat
pkg install net/socat
Run acme.sh as root because it needs to listen on port 80
sudo acme.sh --issue -d example.com --home /var/db/acme --standalone
Create the needed directory:
mkdir /home/<user>/.weechat/ssl
Save the script below as weechat-cert.sh in /usr/local/sbin or some such place.
#!/usr/bin/env bash
cat /var/db/acme/example.com/example.com.key /var/db/example.com/fullchain.cer > /home/<user>/.weechat/ssl/relay.pem
chown <user>:<group> /home/<user>/.weechat/ssl/relay.pem
acme.sh --renew -d example.com --home "/var/db/acme" --reloadcmd "/usr/local/bin/bash /usr/local/sbin/weechat-cert.sh"
@daily /usr/local/sbin/acme.sh --cron --home "/var/db/acme" --reloadcmd "/usr/local/bin/bash /usr/local/sbin/weechat-cert.sh" > /dev/null
Inside weechat do:
/set relay.network.ssl_cert_key "/home/<user>/.weechat/ssl/relay.pem"
/relay add ssl.weechat 9001
/set relay.network.password "your password"
Then make sure you allow traffic on port 9001 in your firewall.