aa4ad270-b4a6-4a6e-adf7-7d7d66ba2bda-image.png

As discussed here a month ago : Let's Encrypt Certificate Authority Expiring soon : do what has been suggested over there.

We have 2.5.0 now, the GUI warns us.
Still, up to use to use the buttons :

353c0e68-9a66-4784-92f2-2fde461dc2dd-image.png

@gschmidt
i would go for the haproxy-devel one.. that would be the 0.62 at this moment.

@flemmingss

Hi Flemmings,

I do the same and worked.
After you can change again to cname *.duckdns.org and renew certificate again.
now is working fine.

thanks to all

@mbentley said in Let's Encrypt Certificate Authority Expiring soon:

It doesn't have anything to do with a pfSense version or a plugin version - the timing is just a coincidence.

The only strange thing is that on 2.5.0 this causes a notification, but on 2.4.5 not.
Maybe is something that they added in the new version and that i haven't read yet in the changelog.

@gertjan said in Let's Encrypt Certificate Authority Expiring soon:

https://letsencrypt.org/certificates/

I literally just finished reading it!

So the "old" one is safe to delete it, that's the important thing!

Thanks to everyone!

@foolish86 :)Who gave me that tip was @Gertjan, thanks to him we both got our certificates.

Just to revisit this thread.... I was having problems renewing my Namecheap Let's Encrypt certificate using the manual method so figured I would give this a try. It was all quite easy - the request in namecheap for API key was instant so seemingly automatic.
You do have to whitelist the IP of the pfSense machine though... without having that IP in the whitelisted section of the namecheap API page results in an error when trying to issue the certificate. Other than that... all seems to work well - Thanks.

The HAProxy hint did the trick. For others searching, here is what I did on HAProxy config:

Defined a specific backend pointing on 127.0.0.1 with the port defined on ACME config On the frontend added an ACL to forward the requests for which path starts with /.well-know/... onto the previous backend

Seems to work fine.
Don't hesitate to suggest any improvement though.
In another hand I saw that it could be a small security breach, but I don't see the issue, I'd be interested to know.

Thanks for the help.

@tlex forget it I found it :P
2c8dc80d-eb3a-429c-8b8a-fecf788629d8-image.png

0f3482cf-3a71-4a17-82d4-5da3ab20a12b-image.png

You would want to raise that issue with the acme.sh project directly, since we do not maintain the code which interacts with DNS providers, they do.

https://github.com/acmesh-official/acme.sh/issues

@kiokoman Thank you!

The problem was that in my backend I wrote "localhost" instead of "127.0.0.1" as you. Fixing that it works!

@johnpoz yes it works well now, although the UI is well hidden. I had to click another tiny button to show the full settings for this DNS-Infomaniak, as you said it's not so intuitive but now that it works I won't touch it ever again so...
Thanks for your help!

@amarand said in ACME with Siteground:

Is that not a feature that Let's Encrypt supports?

Your quiet close.
It's :
@gertjan said in ACME with Siteground:

The TXT filed will contain a challenge code to be put into the TXT field. This code is give to the acme script by Letsensrypt. For example : 'bmDWOCHFZRtOOCr_vU-mEfTIqA6i9ib0R3V6-RMF3FE'.

This bmD....................RMF3FE thing is generated randomly, and will be unique for every certificate request.
This proofs that you control right now - and not some time X in the past.
Note that, ones this test passed, it stays valid for one week.

@Gertjan thanks a lot!