Netgate Discussion Forum

    WEB GUI login using https with public IP address Certificate "Let's Encrypt" not working

      Unoptanio @Gertjan

      @Gertjan

      In the LAN, using the pfSense FQDN does not work:
      [image]

      In the LAN, using the local IP of the gateway:
      [image]

      I have 16 static public IPs. Virtual IP Addresses.
      pfSense answers on the first.

      For security, how do I disable access to the firewall from the public static IP? My IP address never changes and is static 80.xxxxxxx
      [image]

      pfSensePlus24.03 2U BareMetal Asrock Industrial IMB-X1314MicroATX
      CPU: i7-13700@5.2GHz, RAM:32GB ECC, n°2 Samsung 870EVO SATA 2.5” SSD 1TB (ZFS) Raid1
      n°3 Intel i225-LM 2500/1000/100Mbps, n°1 NIC Intel i350-T4V2 10/100/1000 Mbps 4*GLAN, n°1 Intel X520-DA2

        Bob.Dig LAYER 8 @Unoptanio

        @Unoptanio said in WEB GUI login using https with public IP address Certificate "Let's Encrypt" not working:

        For security, how do I disable access to the firewall from the public static IP?

        In your WAN-rules...

          Unoptanio @Bob.Dig

          @Bob-Dig can you help me make the rule?

            Bob.Dig LAYER 8 @Unoptanio

            @Unoptanio Show your WAN-rules and if you have (you shouldn't) your floating-rules. And you are missing the basics for using certificates so don't use LE for now.

              Unoptanio @Bob.Dig

              @Bob-Dig [image]

                Bob.Dig LAYER 8 @Bob.Dig

                @Unoptanio said in WEB GUI login using https with public IP address Certificate "Let's Encrypt" not working:

                For security, how do I disable access to the firewall from the public static IP?

                Why do you want to disable access from your static public IP at home?

                  Unoptanio @Bob.Dig

                  @Bob-Dig

                  @Gertjan says the correct safe way to do things is to access from outside via OpenVPN and access the firewall using the local IP address of pfSense https://192.168.1.253:47000/

                  The idea is to not allow external access to the static public IP address pointing to the pfSense firewall. For web GUI access only.

                    Gertjan @Unoptanio

                    @Unoptanio said in WEB GUI login using https with public IP address Certificate "Let's Encrypt" not working:

                    For web gui access only

                    In a perfect world, the pfSense GUI is only accessible from your LAN - nothing else.
                    Your LAN should only have devices that you trust.
                    The rest: on other 'LANs' (OPTx interfaces).

                    This is not a golden rule of course. It's just mine.

                    No "help me" PM's please. Use the forum, the community will thank you.
                    Edit : and where are the logs ??
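
A check related to the advice in this thread, as an added example that is not part of any poster's message: it scans rule lines in the style of `pfctl -sr` output for inbound WAN pass rules whose TCP destination ports include the GUI port. Port 47000 is the one in the URL posted above; the interface name `igb0`, the addresses and every rule in the sample are constructed assumptions.

```python
import re

GUI_PORT = 47000   # GUI port from the URL posted in the thread
WAN_IF = "igb0"    # assumption: name of the WAN interface

# Constructed sample in the style of `pfctl -sr` output (not from the thread).
SAMPLE_RULES = """\
block drop in log inet all label "Default deny rule IPv4"
pass in quick on igb1 inet proto tcp from any to 192.168.1.253 port = 47000 flags S/SA keep state label "anti-lockout rule"
pass in quick on igb0 inet proto tcp from any to 203.0.113.10 port = 47000 flags S/SA keep state label "USER_RULE: GUI from WAN"
pass in quick on igb0 inet proto tcp from any to 203.0.113.10 port 40000:50000 flags S/SA keep state label "USER_RULE: wide range"
pass in quick on igb0 inet proto udp from any to 203.0.113.10 port = 1194 keep state label "USER_RULE: OpenVPN"
pass in quick on igb0 inet proto tcp from 198.51.100.0/24 to any flags S/SA keep state label "USER_RULE: no port limit"
"""

def dest_ports(rule):
    """Return (low, high) of the destination port match, or None if unrestricted."""
    body = rule.split(" label ", 1)[0]            # ignore the free-text label
    dest = body.split(" to ", 1)[1] if " to " in body else ""
    m = re.search(r"\bport (?:= )?(\d+)(?::(\d+))?", dest)
    if not m:
        return None
    low = int(m.group(1))
    return low, int(m.group(2) or low)

def wan_rules_reaching_gui_port(rules_text, wan_if=WAN_IF, gui_port=GUI_PORT):
    """List inbound WAN pass rules whose TCP destination ports include gui_port."""
    findings = []
    for rule in rules_text.splitlines():
        if rule.split()[:2] != ["pass", "in"] or f" on {wan_if} " not in rule:
            continue
        if " proto " in rule and " proto tcp " not in rule:
            continue                              # the GUI speaks HTTPS over TCP
        ports = dest_ports(rule)
        if ports is None or ports[0] <= gui_port <= ports[1]:
            findings.append(rule)                 # destination still needs manual review
    return findings

if __name__ == "__main__":
    for hit in wan_rules_reaching_gui_port(SAMPLE_RULES):
        print("REVIEW:", hit)
```

The check looks only at interface, protocol and port, so a flagged rule whose destination is an internal host rather than the firewall itself still has to be judged by hand.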

                      Unoptanio @Gertjan

                      @Gertjan

                      OK

                      Using the GUI, I deactivated the admin user.

                      I created a new user "test2023" and gave him administrator privileges.
                      [image]

                      Problem:
                      When connecting with PuTTY, the pfSense shell no longer offers the classic menu that appeared when logging in as Admin.
                      Only a prompt appears.

                      Login with user Test2023:
                      [image]

                      Login with user Admin:
                      [image]

                      How do I view this menu, logging in with the Test2023 user?

                        Gertjan @Unoptanio

                        @Unoptanio said in WEB GUI login using https with public IP address Certificate "Let's Encrypt" not working:

                        Using the GUI, I deactivated the admin user.

                        I created a new user "test2023" and gave him administrator privileges.

                        Oho.
                        Seems like a very bad idea to me.
                        None of the official Netgate docs gives such advice.

                        pfSense is a firewall, not some sort of NAS, or media serving thing with "multiple" users.
                        Once in a while, the big chief comes in (the admin), does his things, and then he leaves.

                        True: other "users" can be created for OpenVPN purposes, but these do not interact with the pfSense GUI, or SSH etc.; it's just a means to identify and authorize the (OpenVPN) connection.
                        Another example: captive portal users.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.