• HEADS UP: Buypass is shutting down their ACME service

    Pinned
    1
    2 Votes
    1 Posts
    266 Views
    No one has replied
  • ACME pkg v1.0

    Pinned
    17
    3 Votes
    17 Posts
    1k Views
    GertjanG
    @jimp Done. I was on acme.sh 1.0 (25.07.1) and a downgrade was proposed. Now, the issue is gone.
  • Let's Encrypt Cert via ACME ask for oathtool (PFSense 2.8)

    5
    0 Votes
    5 Posts
    1k Views
    G
    @Gertjan well..... finally I created a new user for inwx and just gave him dns_management role only AND without 2FA. So now all is fine, my PFSense has the LE Cert as it should be. Thanks and kr Mike
  • ACME using dynv6

    18
    0 Votes
    18 Posts
    5k Views
    A
    Hello, I am also trying to use DNS-NSupdate / RFC 2136 with dynv6.com. I have used all the information in this and the other related thread, but acme.sh blocks when trying to read the key from the disk. The logs show that the key file is expected in /tmp/acme/home-mydomain-tld-test-dynv6/home.mydomain.tldnsupdatealias-mydomain-tld.dynv6.net.key but is actually in /tmp/acme/home-mydomain-tld-test-dynv6/home.mydomain.tldnsupdate_acme-challenge.alias-mydomain-tld.dynv6.net.key Did I mess up the parameters or is there a bug in the call to acme.sh? Thanks for your help, Atanis
  • SSL Cert Failing

    6
    0 Votes
    6 Posts
    435 Views
    W
    Problem solved. Fat fingers at work!
  • How do I fix this expiring ACME Certificate?

    4
    0 Votes
    4 Posts
    392 Views
    G
    Thanks @Popolou @Gertjan for the reply. TLDR; I just want to confirm that this isn't a pfSense/ACME bug. I'm just going to delete the deprecated cert and consider this matter closed unless this is a bug. FULL REPLY: Thanks @Popolou @Gertjan for the reply. Thanks for the info. I now understand what is going on with these certificates which is a win. I was expecting that pfSense would manage these certificates and clear out the ones that are no longer needed. No big deal as long as I know I can safely delete them. @Popolou said in How do I fix this expiring ACME Certificate?: @guardian Just check to see which certificates have been issued with the now defunct/expiring CA and if it is zero (which is highly likely), then you can delete it. Any new cert renewals will still take place and the appropriate CA chain will be downloaded and installed if required. You may find you have R10 and R11 (or newer) installed through this route. @Gertjan said in How do I fix this expiring ACME Certificate?: @guardian said in How do I fix this expiring ACME Certificate?: CN=R3 Euh, that one has been deprecated a long time ago. Read : Thanks.... I actually found this and read it. @guardian said in How do I fix this expiring ACME Certificate?: Is there a place I can download a new CA certificate? Normally, you don't need to. If your pfSense is recent enough, you have them already. Not under "System > Certificates > Authorities" but in the FreeBSD Certificate storage folder, here /usr/share/certs/trusted/ Thanks for this info. It looks like the certs that I have in play have been downloaded, so I guess I will just delete the old cert and be done.
  • updated package, php error when accessing certificates tab

    5
    0 Votes
    5 Posts
    352 Views
    B
    @Gertjan oh. It's all working fine now. Once I did restore to previous, everything worked. I was able to request new certs via ACME and the OpenVPN service came up and I was able to navigate all the tabs. With my certs down (and just expired) it broke a lot of things. Lol.
  • 0 Votes
    25 Posts
    2k Views
    JeGrJ
    @raidflex said in updating to acme 1.0 breaks system beyond repair: need to restore from backup: In fact after restoring from a backup after the ACME update, Crowdsec reinstalled just fine, and this was before the recent release a couple days ago that contained a fix. Yeah, that may be, but if you install packages with dependencies on the console rather than the package manager, those may have (old) dependencies for specific versions. So if that crowdsec package has a dependency on an older pfsense base package or something like that and you install any other package (like Acme) which may collide with that, the package manager makes a decision to solve the conflict. Not always the most sane one - sure - but that's like any other distro out there. Manually installing packages on the console always may get you into dependency hell :) Just saying, because now it was acme, next time it could easily be some other package triggering such an effect. Cheers
  • ACME Gandi.net renewal

    9
    0 Votes
    9 Posts
    1k Views
    I
    Redmine Issue has been closed. fixed - Gandi LiveDNS method in acme 1.0 has both PAT and API key fields. tested on: 25.11-DEVELOPMENT (amd64) built on Sat Aug 16 6:00:00 UTC 2025 FreeBSD 15.0-CURRENT Edit: Just tested it and it works. Thank you guys!
  • Issue with ACME Certificates Refresh & Restarting HAProxy

    acme haproxy
    5
    1 Votes
    5 Posts
    2k Views
    GertjanG
    @EChondo What's your pfSense version? The instructions are shown here: [image] A restart of a service will start by re-creating their config files. If a certificate changed, it will get included. When the process starts, it will use the new certificate. @EChondo said in Issue with ACME Certificates Refresh & Restarting HAProxy: I haven't been able to confirm if the above works (mine just renewed, don't feel like doing it again just to test), so we'll see in 60 days I guess. No need to wait x days. You can retest / renew right away, as you are 'allowed' to renew a couple (5 max ?) of times per week.
  • ZeroSSL - How to revoke/remove existing certificates

    2
    0 Votes
    2 Posts
    490 Views
    johnpozJ
    @MacUsers https://help.zerossl.com/hc/en-us/articles/360060119933-Certificate-Revocation edit: oh you prob out of luck You can revoke any certificate issued via the ZeroSSL portal. Currently, certificates issued via ACME can not be revoked from inside the portal - please follow the instructions of your ACME client for revoking those certificates. the gui in pfsense does not have the ability to revoke - you prob have to move the certs to something you have certbot installed to and revoke that way.
  • ACME Subdomain revoke Cert

    3
    0 Votes
    3 Posts
    953 Views
    M
    @jimp I know it's an old thread but very similar to what I'm trying to find out, so piggy backing.......... I understand it will expire in 90 days, but what if I really need to revoke the cert? This is one of the issues with the ZeroSSL free offering, which only gives you four certificates and until one is revoked, it will use one of the number from the quota - any idea how to actually revoke an external ACME certificate? 5yrs. later, I still don't see any option to do that -S
  • Porkbun changed their api

    11
    0 Votes
    11 Posts
    2k Views
    GertjanG
    @luxor84 Why editing the pork_burn.sh file ? You started with a more clean solution : a patch. Why not including a patch for pork burn file ?
  • Let's Encrypt removing TLS Client Authentication EKU

    1
    5 Votes
    1 Posts
    351 Views
    No one has replied
  • How to add dns provider to ACME?

    4
    0 Votes
    4 Posts
    984 Views
    F
    @SteveITS Feature request created: https://redmine.pfsense.org/issues/16150
  • how to use with no-ip.com

    2
    0 Votes
    2 Posts
    697 Views
    T
    I ended up signing up for duckdns and users still use my old no-ip.com ddns. Apparently Let's Encrypt certs work on multiple domains
  • Multiple, Different Methods in Certificate leads to renewal failure

    1
    0 Votes
    1 Posts
    397 Views
    No one has replied
  • PHP error when navigating to ACME plugin page

    4
    0 Votes
    4 Posts
    1k Views
    M
    Thanks for the insight, that resolved the issue
  • Cannot renew or create new cert Godaddy API

    6
    0 Votes
    6 Posts
    1k Views
    C
    @Gertjan Yes it is but the GUI still lags so at least now I know I can use the cert without waiting for GUI to update.
  • PHP error installing pfSense-pkg-acme: 0.9_1

    5
    0 Votes
    5 Posts
    1k Views
    I
    @Gertjan Thank you so much for the help. I've removed all of the child nodes of <acme>, reinstalled the package and it completed. Thanks again!
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.