FreeNAS jail: Updating OpenSSL for certbot

Question

I am using FreeNAS 9.3. Having created a jail for the purpose, I am trying to get nginx working together with certbot.

The basic problem is the following:

From what I gather this is because the base or host system of FreeNAS is using this version and one is discouraged from updating that.

After doing some research, I stumbled across this post. I did a portupgrade and followed the rest of the steps and deviating only when needed: e.g.

However I do not know how to make nginx and certbot use the openssl port instead of the old package:

Any help on the matter would be greatly appreciated!

Answer 1

If the NGINX package is a precompiled binary that embeds the OpenSSL library, you're out of luck since you can't. Not without doing to NGINX what you did to OpenSSL.

If the NGINX package loads the shared OpenSSL library, changing the LD library path should let NGINX find the newer version.

Since you do get a warning about it, I imagine that it loads the .so which is located by LD at runtime.

IIRC, wrapping NGINX in a script setting LD_LIBRARY_PATH prior to running it would do that.

Be warned that LD_LIBRARY_PATH shouldn't be used in general and even less so at a system-wide scale.