letsencrypt webconfigurator certificate expired - but it isn't!
-
Hi,
So I have been running pfsense for a couple of years now and I use the acme client to obtain letsencrypt certificates that haproxy uses. All of them are (also) wildcard certificates.
One of those wildcard certificates I also use for the pfsense webconfigurator so that I can connect to pfsense.example.com. A while ago I started to get an error message in my browser that this certificate has expired (and now I can only connect via the IP address).
But when I look on the acme certificates page, I can see that the certificate is not expired (but has been successfully renewed). And the same certificate works fine in haproxy.
So what is going on?
Any ideas? Thanks!
-
@sensewolf might need to restart the webgui to pick up the new cert..
what browser are you using - that doesn't let you proceed anyway after the warning?
-
You've checked System > Advanced > Admin Access ?
What cert is the GUI using ?
( you're using haproxy - not sure if the GUI cert is important or if the GUI is even using TLS ... )
-
@johnpoz Thank you! That did the trick.
For future reference, this is how I restarted the webgui:
Diagnostics > Command Prompt > Execute Shell Command: "/etc/rc.restart_webgui"
I'm using Firefox which sometimes can be a bit overprotective ;)
-
Thank you for the hint! The GUI is using that particular cert. System > Certificates > Certificates also shows that cert as being used by "webConfigurator".
But as johnpoz suggested, webConfigurator apparently wasn't picking up the renewed cert.
-
@sensewolf said in letsencrypt webconfigurator certificate expired - but it isn't!:
But as johnpoz suggested, webConfigurator apparently wasn't picking up the renewed cert.
"Impossible ?!".
See for yourself :
Isn't the /etc/rc.restart_webgui - look again at the Examples help text - mandatory ??
This line will restart the web GUI server when the certificate was renewed.
-
@sensewolf restart the gui
And yeah if you're using acme for your webgui - then that command @Gertjan shows should be in your acme client.
I don't have it because I don't use them in my gui, only for my haproxy stuff
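
A way to detect the condition this thread describes, where the web GUI listener keeps serving the old certificate after a successful renewal (added example, not code from the thread or from pfSense). The host name and certificate file path passed to `check` are caller-supplied assumptions, and the byte strings in the demo are constructed stand-ins for real certificates.

```python
import hashlib
import socket
import ssl

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def served_cert_der(host, port=443, timeout=5.0):
    """Fetch the certificate the listener presents, as DER, without validating it.

    Validation is off on purpose: the stale certificate is expired, so a
    verifying handshake would fail before it could be inspected.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def first_pem_cert(pem_text):
    """Return the first certificate (the leaf) of a PEM file or full chain."""
    start = pem_text.index(BEGIN)
    return pem_text[start:pem_text.index(END, start) + len(END)]


def is_stale(served_der, renewed_pem):
    """True when the served certificate differs from the renewed leaf."""
    renewed_der = ssl.PEM_cert_to_DER_cert(first_pem_cert(renewed_pem))
    served_fp = hashlib.sha256(served_der).hexdigest()
    return served_fp != hashlib.sha256(renewed_der).hexdigest()


def check(host, renewed_pem_path, port=443):
    """Compare the live listener against the renewed certificate file."""
    with open(renewed_pem_path, encoding="ascii") as fh:
        return is_stale(served_cert_der(host, port), fh.read())


if __name__ == "__main__":
    # Constructed stand-ins for DER blobs; real use calls check(host, path).
    old, new = b"constructed-old-leaf", b"constructed-renewed-leaf"
    chain = ssl.DER_cert_to_PEM_cert(new) + ssl.DER_cert_to_PEM_cert(b"constructed-ca")
    print("stale before restart:", is_stale(old, chain))
    print("stale after restart: ", is_stale(new, chain))
```

A `True` result from `check` after a renewal means the listener has not picked up the new certificate yet and still needs the restart discussed above.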