# Let's Encrypt and OpenSSL



## gariac (Jun 6, 2017)

Lacking enough aggravation in my life, I want to learn how to set up letsencyrpt for nginx and postfix/dovecot. Step one (I presume) is getting the automatic service for letsencrypt working. I found the following guide:
https://wiki.freebsd.org/BernardSpil/LetsEncrypt
However it uses LibreSSL.

LibreSSL is not supported by Postfix, so I need to have OpenSSL installed.

Two questions:
1) Can letskencrypt work with OpenSSL
2) If the answer to question 1 is no, can I have both LibreSSL and OpenSSL installed at the same time? I'm thinking something like force OpenSSL to be the default for make and then overriding to LibreSSLfor letskencrypt

I suppose a third option is to use the older guide:
https://wiki.freebsd.org/BernardSpil/LetsEncrypt.py
though the author suggests the improved versions.

OS is FreeBSD 11.0


----------



## drhowarddrfine (Jun 6, 2017)

Yes. We use openssl with letsencrypt


----------



## gariac (Jun 6, 2017)

Hmmh, I asked for a quote. I'm still learning this forum. 

Anyway, the question was regarding letskencrypt. Emphasis on the "K".


----------



## tobik@ (Jun 6, 2017)

gariac said:


> 1) Can letskencrypt work with openssl


letskencrypt was renamed to acme-client a while back. security/acme-client will link with LibreSSL statically if you have not set DEFAULT_VERSIONS=ssl=libressl, so you should be able to use it with OpenSSL installed.



gariac said:


> https://wiki.freebsd.org/BernardSpil/LetsEncrypt


A more up to date version of this guide is available at https://brnrd.eu/security/2016-12-30/acme-client.html


----------



## gariac (Jun 8, 2017)

Thanks to both of you. I will try to contact the author to change his wiki. 

From the instructions page (to help the FreeBSD search engine):

```
Port changes

The port as of version 0.1.15 no longer requires the user to switch to LibreSSL completely. By default it will check if LibreSSL is the default provider for libcrypto and libssl (SSL_DEFAULT=libressl). The port will build LibreSSL but not install it and statically link the not-installed libraries.

For users that have fully switched to LibreSSL there's no difference.
```
At this point, I stand a fighting change of getting letsencrypt going. I will come back and mark this solved once I have it working. Thanks again.


----------

