Netgate Discussion Forum

letsencrypt webconfigurator certificate expired - but it isn't!

General pfSense Questions
  • S
    sensewolf
    last edited by Feb 25, 2025, 8:31 PM

    Hi,

    So I have been running pfsense for a couple of years now and I use the acme client to obtain letsencrypt certificates that haproxy uses. All of them are (also) wildcard certificates.

    One of those wildcard certificates I also use for the pfsense webconfigurator so that I can connect to pfsense.example.com. A while ago I started to get an error message in my browser that this certificate has expired (and now I can only connect via the IP address).

    But when I look on the acme certificates page, I can see that the certificate is not expired (but has been successfully renewed). And the same certificate works fine in haproxy.

    So what is going on?

    Any ideas? Thanks!

    • J
      johnpoz LAYER 8 Global Moderator @sensewolf
      last edited by johnpoz Feb 25, 2025, 8:41 PM Feb 25, 2025, 8:40 PM

      @sensewolf might need to restart the webgui to pick up the new cert..

      what browser are you using - that doesn't let you proceed anyway after the warning?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • G
        Gertjan @sensewolf
        last edited by Feb 26, 2025, 7:27 AM

        @sensewolf

        You've checked System > Advanced > Admin Access ?
        What cert is the GUI using ?
        ( you're using haproxy - not sure if the GUI cert is important or if the GUI is even using TLS ... )

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • S
          sensewolf @johnpoz
          last edited by Feb 26, 2025, 12:33 PM

          @johnpoz Thank you! That did the trick.

          For future reference, this is how I restarted the webgui:

          Diagnostics > Command Prompt > Execute Shell Command: "/etc/rc.restart_webgui"

          I'm using Firefox which sometimes can be a bit overprotective ;)

          • S
            sensewolf @Gertjan
            last edited by Feb 26, 2025, 12:37 PM

            @Gertjan

            Thank you for the hint! The GUI is using that particular cert. System > Certificates > Certificates also shows that cert as being used by "webConfigurator".

            But as johnpoz suggested, webConfigurator apparently wasn't picking up the renewed cert.

            • G
              Gertjan @sensewolf
              last edited by Feb 26, 2025, 12:47 PM

              @sensewolf said in letsencrypt webconfigurator certificate expired - but it isn't!:

              But as johnpoz suggested, webConfigurator apparently wasn't picking up the renewed cert.

              "Impossible ?! 🙂 ".

              See for yourself :

              Isn't the /etc/rc.restart_webgui - look again at the Examples help text - mandatory ??
              This line will restart the web GUI server when the certificate was renewed.

              • J
                johnpoz LAYER 8 Global Moderator @sensewolf
                last edited by johnpoz Feb 26, 2025, 12:51 PM Feb 26, 2025, 12:47 PM

                @sensewolf restart the gui


                And yeah if you're using acme for your webgui - then that command @Gertjan shows should be in your acme client.

                I don't have it because I don't use them in my gui, only for my haproxy stuff



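An added example, not part of the thread or of the pfSense ACME package: a POSIX shell check that compares the certificate the web GUI listener is presenting with the renewed certificate on disk, which is the mismatch this thread describes. The port and the stored-certificate path are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: is the web GUI still serving the pre-renewal certificate?

# Print the base64 body of the FIRST certificate in a PEM file, unwrapped,
# so the same certificate compares equal despite CRLF, line wrapping or a
# trailing chain (fullchain files list the leaf first).
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
         /-----END CERTIFICATE-----/   {exit}
         on {gsub(/[ \t\r]/, ""); printf "%s", $0}' "$1"
}

# Save the leaf certificate that host:port presents right now.
fetch_served_cert() {   # args: host port outfile
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM >"$3"
}

# 0 = listener serves the stored cert, 1 = stale, 2 = a file is unusable.
cert_in_sync() {        # args: served.pem stored.pem
    served=$(pem_body "$1" 2>/dev/null) || return 2
    stored=$(pem_body "$2" 2>/dev/null) || return 2
    [ -n "$served" ] && [ -n "$stored" ] || return 2
    [ "$served" = "$stored" ]
}

# Full check against a live listener.
check_gui_cert() {      # args: host port stored.pem
    tmp=$(mktemp) || return 2
    fetch_served_cert "$1" "$2" "$tmp" || :   # empty file is reported below
    rc=0
    cert_in_sync "$tmp" "$3" || rc=$?
    rm -f "$tmp"
    case $rc in
        0) echo "OK: $1:$2 serves the stored certificate" ;;
        1) echo "STALE: $1:$2 serves a different certificate; restart the web GUI" ;;
        *) echo "ERROR: could not read one of the certificates" ;;
    esac
    return "$rc"
}

# Usage (port and path are assumptions, adjust to your setup):
#   check_gui_cert pfsense.example.com 443 /path/to/renewed-cert.pem
```

A STALE result after a successful renewal means the running web server still holds the old certificate in memory, which is the state `/etc/rc.restart_webgui` clears.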
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.