• wildcard certificate via DNA-Dynu anyone?

    2
    0 Votes
    2 Posts
    233 Views
    No one has replied
  • 23.09.1 Crash Reporter - ACME was successful

    2
    0 Votes
    2 Posts
    382 Views
    J

    @sandie

    looks like you have an Actions list with a PHP Command Script method, and something there has a / where it doesn't belong.

    The cert will be fine, but whatever your action after is, is not.


  • ACME DNS API support

    5
    1 Votes
    5 Posts
    753 Views
    JeGrJ

    @jrey said in ACME DNS API support:

    Clearly you are doing something else


    Yep, you are on a totally different path. I was asking about ACME and acme.sh's DNS providers. That RFC2136 is working for you is nice, but has nothing to do with the question :)

    Like previously suspected, it seems the "acme-dns.io" selection is indeed the acme-dns tool from GitHub and you can enter your own hosted instance. It had a few rough edges but worked finally, so seems to work like expected - we will see if renewal works fine, too.

  • Question regarding Acme and DDNS

    19
    0 Votes
    19 Posts
    2k Views
    johnpozJ

    @gregeeh said in Question regarding Acme and DDNS:

    Hope this was correct?

    Sure as long as your browser trusts the CA is all that matters.

  • Which files to point AdGuardhome to for DNS over tls

    1
    0 Votes
    1 Posts
    263 Views
    No one has replied
  • Failed to automatic renew certificate

    4
    0 Votes
    4 Posts
    821 Views
    S

    @Unoptanio I don’t think so? The other methods are all on that page.

    Or just use the self signed cert.

  • new cert setup not finishing

    4
    0 Votes
    4 Posts
    910 Views
    GertjanG

    @linuxlover2 said in new cert setup not finishing:

    so now have to wait 2 weeks to renew.

    One week, or even right away, check here Rate Limits.

  • webConfigurator not using renewed cert

    4
    0 Votes
    4 Posts
    551 Views
    T

    @Gertjan Right, I don't mind waiting. I just hit that button about a week ago when I first noticed the issue and wanted to see if forcing an update would solve it.

  • ACME CARP configuration in 2023

    2
    2 Votes
    2 Posts
    380 Views
    C

    One more question to the topic. I found an option to restart HAProxy after cert update. However, I have unfortunately not found an option to restart HAProxy on the second pfSense instance. How could this be done?

  • Lets encrypt on my captive portal

    12
    0 Votes
    12 Posts
    2k Views
    GertjanG

    @jperezme

    Methods used, wildcards etc, don't forget to watch the movie.

  • Could Not Register Key

    3
    0 Votes
    3 Posts
    480 Views
    NollipfSenseN

    Well, really, I had deleted IPv6 and didn't realize that when I had implemented/enabled IPv6 that it would remove the IPv4 as being checked as a default route also...so I had to go to System > Routing to check the IPv4 box...the real reason that I could not register key...all is good.

  • After configuring ACME and certificates no CA is available

    1
    0 Votes
    1 Posts
    220 Views
    No one has replied
  • ACME Certificate renewal failed - invalid domain - since pkg v0.7.5

    5
    0 Votes
    5 Posts
    1k Views
    B

    @Gertjan said in ACME Certificate renewal failed - invalid domain - since pkg v0.7.5:

    You still need to ID, using a 'key'

    Yes, but it's not a secret do you have at your DNS registrar as user login.
    To not leave the pfsense world we can find here BIND configuration steps.

    Thanks for your mentions.

  • 0 Votes
    12 Posts
    1k Views
    GertjanG

    @Unoptanio said in WEB GUI login using https with public IP address Certificate "Let's Encrypt" not working:

    using the GUI, I deactivated the admin user.

    I created a new user "test2023" and gave him administrator privileges.

    Oho.
    Seems like a very bad idea to me.
    None of the official Netgate docs gives such advice.

    pfSense is a firewall, not some sort of NAS, or media serving thing with "multiple" users.
    Once in a while, the big chief comes in (the admin), does his things, and then he leaves.

    True : others "users" can be created for OpenVPN purposes, but these do not interact with pfSense GUI, or SSH etc, it's just a means to identify and authorize the (OpenVPN) connection.
    Another example : captive portal users

  • 0 Votes
    5 Posts
    668 Views
    D

    Another benefit of using the ACME DNS method is wildcard names. I'd previously been using the http method with my namecheap hosted domain. I could not use their DNS API with my account. I then realised I could switch nameservers, on my namecheap account, to cloudflare and can now use the DNS method with pfSense ACME package.

  • dns-one.com not working

    3
    0 Votes
    3 Posts
    1k Views
    E

    The package still can't add txt record. You have to add txt manually and then update the cert.

  • ACME wildcard cert creation-need help.

    2
    0 Votes
    2 Posts
    459 Views
    AMG A35A

    Are you using HTTP challenge? It has to be DNS challenge for wildcard. I have domains on dynu and pfSense gets wildcard certs fine with DNS challenge.

  • ACME Certificate renewal - Number of days to renew

    4
    0 Votes
    4 Posts
    580 Views
    T

    @Gertjan Thank you for clarifying that for me

  • 0 Votes
    5 Posts
    679 Views
    bthovenB

    @Gertjan Thanks. Sorry I didn't read your suggestion well. I've just deleted those expired certificates in System-->Certificates. It should be fine now.

  • SSL cert with purchased domain name

    5
    0 Votes
    5 Posts
    639 Views
    GertjanG

    @unraveller349

    Ah, ok.

    When you ask for a certificate, like pfsense.abc.net, you have to do this first :

    fefe3484-e51f-4ba4-a5b8-abcc744f42a7-image.png

    Btw :

    You've set this :

    c051c25c-7adf-4f4d-8df0-250ad459a25f-image.png

    ?
    If a new certificate was obtained, the webconfigurator has to be restarted so it will use the new certificate. That's what the 'action' is for.

    In your browser, you should from now on be using

    https://pfsense.abc.net

    because the browser will first resolve "pfsense.abc.net", it will obtain the pfSense LAN IP.
    Did you check that ?

    nslookup pfsense.abc.net

    returns 192.168.1.1 ? (or whatever your pfSense LAN IP is).

    Then it connects to 192.168.1.1, using port 443 (because of https).
    The web server, pfSense GUI, will send a certificate over that says : I am "pfsense.abc.net" and because the browser was looking for "pfsense.abc.net" everything is fine.

    If you were using https://192.168.1.1 then the test will fail.
    Because "192.168.1.1" isn't part of the name (SAN) of the certificate.
