Netgate Discussion Forum

    ACME pkg v0.7.5

    • jimp Rebel Alliance Developer Netgate

      ACME pkg v0.7.5 is building now and will be available shortly for Plus 23.05.1, CE 2.7.0, and dev snapshots for Plus and CE.

      This version addresses several issues with ACME private key handling as described in https://redmine.pfsense.org/issues/14592

      The next time a certificate renews after this update, check and make sure the private key is updated and matches the settings in the ACME certificate entry.

      For example, look in the ACME certificate entry settings at the Private Key setting:

      [Image: ACME certificate entry settings, Private Key setting]

      Then look in the certificate manager at the corresponding entry for the same certificate and check its private key details (Click the "i" icon):

      [Image: certificate manager entry, private key details]

      If you check before it renews, it may not match, indicating the package wasn't honoring the setting properly. It should match after renewing the next time, and will also honor future changes going forward if you change the key length/type and then renew again.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!
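
A command-line version of the check described in the post above, as an added example that is not part of the original post or of the ACME package. It assumes the certificate (and, optionally, its private key) has been exported to PEM files and that `openssl` is installed; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not pfSense or ACME package code). Function names are hypothetical;
# cert.pem / key.pem stand for files exported from the certificate manager.

# Print "<alg> <bits>" for a certificate's public key, e.g. "rsa 2048" or "ec 384".
cert_key_info() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    case "$text" in
        *"Public Key Algorithm: rsaEncryption"*) alg=rsa ;;
        *"Public Key Algorithm: id-ecPublicKey"*) alg=ec ;;
        *) alg=other ;;
    esac
    [ -n "$bits" ] || return 2
    printf '%s %s\n' "$alg" "$bits"
}

# Return 0 when the certificate's key has the expected algorithm and size.
# usage: check_cert_key cert.pem rsa 4096
check_cert_key() {
    actual=$(cert_key_info "$1") || { echo "cannot parse $1" >&2; return 2; }
    if [ "$actual" = "$2 $3" ]; then
        echo "OK: $1 uses $actual"
    else
        echo "MISMATCH: $1 uses $actual, expected $2 $3" >&2
        return 1
    fi
}

# Return 0 when key.pem is the private half of the certificate's public key,
# i.e. the stored key really was replaced together with the certificate.
# usage: key_matches_cert cert.pem key.pem
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Stand-alone use: ./check.sh cert.pem rsa 4096
if [ "$#" -eq 3 ]; then
    check_cert_key "$1" "$2" "$3"
fi
```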

      • johnpoz LAYER 8 Global Moderator @jimp

        @jimp hmm - I didn't see this with v0.7.4, I just double checked mine. And I had changed one from being the old rsa type even. Guess I got lucky.

        Thanks for the update and info..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • jimp Rebel Alliance Developer Netgate @johnpoz

          @johnpoz said in ACME pkg v0.7.5:

          @jimp hmm - I didn't see this with v0.7.4, I just double checked mine. And I had changed one from being the old rsa type even. Guess I got lucky.

          Thanks for the update and info..

          I checked a couple of mine and almost all of mine were at the default (RSA, 2048) so they never hit this bug since when it would run it checked that the old key type/length matched and it always did.

          The couple I saw that I set differently in ACME were also actually RSA 2048 in the cert manager, not what I picked, but they were fine after updating.

          I know I've seen a few other posts over the years about people saying it didn't respect their key choices but at the time I couldn't reproduce it. Not sure what changed/when but either way it should be good all around now.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.