That looks like a great job for a raspberry pi or similar device (BBB, espressobin, etc)

Thanks for the detailed info - JimP you are always a wealth of info... Not in any hurry was just curious.

Where are you getting your cert from? Your going to have to give us more details if you want anyone to be able to figure out what your doing wrong. For what possible reason would you want to use a wildcard cert for the webgui? How many possible fqdn/IPs could you point to the web gui? The web gui should be accessed by limited number of users. Create as cert with your own ca, have the users that will access it trust your ca. Put in whatever SANs you want to access it by. Done - set the cert to be good for 10 years. Never have to deal with this issue again.

Okay I'm just being stupid. Apparently servers do not send the root certificate. The root certificate comes from the Certificate Store in Windows (which I have added the root certificate via group policy). However Firefox does not trust the Windows Certificate Store and maintains it's own. I needed to add the CA certificate manually into Firefox. Now it works.

@derelict said in Webgui Access Only by FQDN: Yeah , but once it is connected i want page to be redirected or reloaded as https://pfsense.example.com. i have configured this behavior in my Linux web-servers running with Apache Doesn't matter if there is a redirect. You will still get the certificate error when you initially connect because the certificate will not match the URL (IP address in this case.) If you don't like the certificate errors going to https://192.168.1.1/ then don't go to 192.168.1.1, go to the FQDN instead. Here, do this little experiment: https://172.217.5.196/ Click through and see where you end up. Thanks Derelict. I have now added IP address in certificate and able to access Thanks for your Help.

Those kinds of changes are best submitted as a pull request on github.

Hi, Use another browser and you'll see what happens  ;) Or flush your current browser cache. @dedeboy: … but now don't enter What was the message ?

Can anyone verify it this has been fixed in 2.4.3_1 RHLinux

I'm wondering if it can be disabled also.

The pfSense community has been using Zanata to translate text strings and Azerbaijani is already set up as one of the translations. This would be by far the best way to translate and you might even win something. https://www.netgate.com/blog/pfsense-software-translations-with-zanata.html If you really want to translate in a private environment, however, you can use the .po file here: /usr/local/share/locale/en_US/LC_MESSAGES/pfSense.po

@jimp: This works fine in the ACME package: [image: eAvvyXt.png] Did you do something different? Also, you can use the sudo package to grant other users rights to do things. It wouldn't be necessary for ACME, but for your own user it could help you out. I think I found the problem. Silly me. I entered the command as /etc**.rc.restart_webgui instead of /etc/**rc.restart_webgui I only realize it after I look into the screenshot.

https://doc.pfsense.org/index.php/User_Manager

Is that normal? No.  You're missing your css and js folders.

@Katharine: I try to do as you said but still can not solve the problem. which part you mean you tried to do and could not solve the Problem? can you explain more about the Problem.

@jimp: Yes, that is the correct function. If you keep the original file and then make a diff/patch from that to apply your changes, you can use the system patches package to maintain your alterations rather than redoing them after every update. Generally speaking people using ACME/LE certs with pfSense will be using the pfSense ACME package to generate them, and we don't have an option for OSCP stapling in there, yet, either. So in terms of use with pfSense, probably not as common. Understandable. I know this is a low priority, so I wrote teh code myself. I've submitted a feature request https://redmine.pfsense.org/issues/8418 I've submitted a pull request https://github.com/pfsense/pfsense/pull/3927

Thanks for the link to the redmine..  Sure someone will get to sooner or later ;)