ZeroSSL wildcard certificates
-
ZeroSSL can issue wildcard certificates.
But when you try to add a new certificate an error appears: "A wildcard 'Domainname' is present but the ACME Account key is not registered to an ACME v2 server."
Is it a pfSense package bug?
-
Any updates here? I have the same issue....
-
I guess the GUI checking is a bit too 'ACME focused'.
I mean : see here : /usr/local/www/acme/acme_certificates_edit.php lines 234 and 234 :
    if (substr($account['acmeserver'], -2, 2) != '-2') {
        $input_errors[] = "A wildcard 'Domainname' is present but the ACME Account key is not registered to an ACME v2 server.";
    }  // closing brace of the same if block
The test is ok, as ACME needed the V2 servers to work with wildcards.
The value for a V2 server from acme is
[acmeserver] => letsencrypt-production-2
so, cool, the test succeeds.
For ZeroSSL, the value will be
[acmeserver] => zerossl-production
and there is no "-2" in the string now.
So the test fails, and you see your 'error' message.
What you could try: ditch the test ;)
Like:
    // if (substr($account['acmeserver'], -2, 2) != '-2') {
    //     $input_errors[] = "A wildcard 'Domainname' is present but the ACME Account key is not registered to an ACME v2 server.";
    // }  // the closing brace of the if block has to be commented out too
You saw the two // at the start of each line ? Add them.
Or, easy: why use ZeroSSL? Shift back to Letsencrypt V2 servers and call it a day.
The very best thing would be a signal to the author - or, even better : drop in here https://redmine.pfsense.org/projects/pfsense-packages and do what has to be done.
Btw : as usual : I think I can read, so I think I understood the issue. This doesn't mean I'm right. Jimp will tell.
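The suffix test described in the post above, shown next to a lookup-based alternative. This is an added example, not code from the pfSense ACME package or from the poster; the function names, the version table and the ids example-v1-server and unlisted-ca are assumptions made for illustration.

```php
<?php
// Added illustration; not code from the pfSense ACME package.

// The check quoted in the thread: a server id counts as ACME v2
// only if its name ends in "-2".
function wildcard_allowed_by_suffix(string $acmeserver): bool {
    return substr($acmeserver, -2, 2) === '-2';
}

// Hypothetical alternative: record the protocol version per server id
// instead of inferring it from the naming convention.
const ACME_SERVER_VERSION = [
    'letsencrypt-production-2' => 2, // id quoted in the thread
    'zerossl-production'       => 2, // id quoted in the thread; version 2 is an assumption
    'example-v1-server'        => 1, // constructed id standing in for a v1-only server
];

function wildcard_allowed_by_version(string $acmeserver): bool {
    // Ids missing from the table fail closed (treated as version 0).
    return (ACME_SERVER_VERSION[$acmeserver] ?? 0) >= 2;
}

// Constructed sample input: the table's ids plus one unlisted id.
$samples = array_merge(array_keys(ACME_SERVER_VERSION), ['unlisted-ca']);

foreach ($samples as $id) {
    printf(
        "%-26s suffix=%-5s version=%s\n",
        $id,
        var_export(wildcard_allowed_by_suffix($id), true),
        var_export(wildcard_allowed_by_version($id), true)
    );
}
```

The two checks disagree only on zerossl-production, which is the case reported in this thread.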
-
Thanks!
Disabling the check works :-) But it seems like a lame check....
-
@khj said in ZeroSSL wildcard certificates:
But it seems like a lame check....
IMHO: The check was made because only the V2 servers of Letsencrypt could support the new (back then) wildcard support.