Netgate Discussion Forum
    Lets encrypt on my captive portal

    12 Posts 2 Posters 1.5k Views
    • jperezme @Gertjan

      @Gertjan
      Thanks in advance.
      I used DNS-Manual to create it. In this way, will the certificate be automatically renewed every 60 days?

      • Gertjan @jperezme

        @jperezme said in Lets encrypt on my captive portal:

        I used DNS-Manual to create it. In this way, will the certificate be automatically renewed every 60 days?

        Manual is the opposite of automatic 😊

        Manual is good for the nerd that wants to do the "rocket science" themselves.

        If your domain registrar is on this list and you can find the correct acme DNS API :

        [image attachment: list of acme DNS API methods]

        Edit:

        Better safe than sorry: set DNS-Sleep to 120 seconds or more.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • jperezme @Gertjan

          @Gertjan
          My domain registrar is not on that list.

          • Gertjan @jperezme

            @jperezme said in Lets encrypt on my captive portal:

            My domain registrar is not on that list.

            The list represents the methods.
            Check with your registrar what method they propose.
            Who is it?

            • jperezme @Gertjan

              @Gertjan
              [image attachment: registrar screenshot]

              • Gertjan @jperezme

                @jperezme

                😢

                If domain.com is your registrar, all I (not me, I use Google, so blame them if I'm mistaken) could find is:

                https://www.domain.com/help/article/enable-your-free-ssl-certificate

                and that means: if you have a domain name with them, you can activate a free "Letsencrypt" certificate for your site (hosted on their equipment). You probably can't download the certificate files.
                Also: when you rent a domain name, and you want to use it for your local captive portal so login takes place using a URL like https://portal.your-local-site.tld, then you shouldn't use the "your-local-site.tld" domain name on the Internet. It still exists on the Internet, of course, as you rented it.

                Example.
                I have a hotel, which means clients are always asking: what is your hotel's Wifi?
                I have a domain name, "bhf.net", which I use for my LAN devices and my captive portal, so I can support the https login page for my portal.
                The acme pfSense package handles the wild card domain "bhf.net" renewal every 60 days.
                I had also declared "portal.bhf.net" (added to the Resolver page: Host overrides), where it points to 192.168.2.1, which is my pfSense captive portal's dedicated interface.

                On the captive portal settings page, I select this:

                [image attachment: captive portal certificate selection]

                and done.

                The pfSense GUI web server uses the same certificate, so https access for the GUI is now also set up.

                • jperezme @Gertjan

                  @Gertjan
                  I still don't understand how I can tell Acme when I create the certificate which DNS method to use.
                  I have created in DNS to resolve the entry portal.midominio.com pointing to the address 172.16.30.1, which is the IP of the captive portal.
                  [image attachment: acme certificate settings]

                  • Gertjan @jperezme

                    [image attachment: wildcard domain entry]

                    That's a wild card.

                    These are the "rules":
                    You have to do this:

                    [image attachment: two domain name entries]

                    add two domain names, as shown in the image.
                    One with the domain name only, the other with a *. in front of it.

                    And, as mentioned here: Let's Encrypt challenge types:

                    DNS-01 challenge

                    This challenge asks you to prove that you control the DNS for your domain name by putting a specific value in a TXT record under that domain name. It is harder to configure than HTTP-01, but can work in scenarios that HTTP-01 can’t. It also allows you to issue wildcard certificates.

                    HTTP-01, like your selected webroot method, can't.

                    • jperezme
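The two points made in the post above (the DNS-01 challenge proves control of the domain by publishing a specific value in a TXT record, and a wildcard order needs both "bhf.net" and "*.bhf.net") can be made concrete. The following Python is an added example, not code from this thread or from the pfSense acme package: it computes the TXT record name and value an ACME validator looks for (RFC 8555 section 8.4: base64url of SHA-256 over the key authorization, which is the token joined to the RFC 7638 thumbprint of the account key), and it implements the single-label wildcard matching rule that explains why "*.bhf.net" does not cover "bhf.net". The account key, token and hostnames are constructed sample values.

```python
import base64
import hashlib
import json

# Constructed sample account key in JWK form. Only the public members count
# for the thumbprint; "kid" is present to show that extra members are ignored.
SAMPLE_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "constructed-sample-modulus-not-a-real-key",
    "kid": "demo-account",
}


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME uses throughout."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the canonical JSON of the required
    public members only (lexicographically sorted keys, no whitespace)."""
    required = {
        "RSA": ("e", "kty", "n"),
        "EC": ("crv", "kty", "x", "y"),
    }[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def dns01_record(identifier: str, token: str, jwk: dict) -> tuple:
    """Return (record_name, txt_value) the ACME server queries for DNS-01.
    The "*." prefix of a wildcard identifier is stripped before building the
    record name, so "bhf.net" and "*.bhf.net" are both validated at
    _acme-challenge.bhf.net (each with its own token in a real order)."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    txt_value = b64url(hashlib.sha256(key_authorization.encode("ascii")).digest())
    base = identifier[2:] if identifier.startswith("*.") else identifier
    return (f"_acme-challenge.{base}", txt_value)


def cert_name_matches(cert_name: str, hostname: str) -> bool:
    """Does one certificate identifier cover a hostname?
    A wildcard covers exactly one label: "*.bhf.net" covers "portal.bhf.net"
    but neither "bhf.net" (no label) nor "a.b.bhf.net" (two labels)."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not cert_name.startswith("*."):
        return cert_name == hostname
    suffix = cert_name[1:]                 # ".bhf.net"
    if not hostname.endswith(suffix):
        return False
    label = hostname[: -len(suffix)]       # the part the "*" has to cover
    return label != "" and "." not in label


def missing_names(cert_names, hostnames):
    """Hostnames that no identifier in the certificate covers."""
    return [h for h in hostnames
            if not any(cert_name_matches(c, h) for c in cert_names)]


if __name__ == "__main__":
    for ident in ("bhf.net", "*.bhf.net"):
        name, value = dns01_record(ident, "constructed-token", SAMPLE_JWK)
        print(f"{ident:12} -> TXT {name} = {value}")
    print("not covered by *.bhf.net only:",
          missing_names(["*.bhf.net"], ["portal.bhf.net", "bhf.net"]))
    print("not covered by both names:   ",
          missing_names(["bhf.net", "*.bhf.net"], ["portal.bhf.net", "bhf.net"]))
```

A practical use of `dns01_record` is to query the TXT record with a normal DNS resolver after the acme package has published it and before validation runs; if the value has not propagated yet, a longer DNS-Sleep (as suggested earlier in the thread) is the fix. `missing_names` shows the same check a browser performs when it decides whether the portal certificate is valid for the hostname in the URL.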

                      I have used a wild card because you told me in a previous message I only need it to work with portal.midominio.com.
                      I suppose I didn't understand you.

                      • Gertjan @jperezme

                        @jperezme

                        Methods used, wildcards etc.; don't forget to watch the movie.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.