Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ACME Package Updates 0.1.31-0.1.34

    Scheduled Pinned Locked Moved ACME
    16 Posts 7 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      michaelschefczyk
      last edited by

      Dear Jim,

      Transporting the certificate files based on scripts outside pfsense appears to be relatively easy to me. As you wrote, daily cron jobs would be sufficient. A bigger hurdle is to upload the certificate to the target system. One would have to replace a given certificate by its successor without changing the name. Is there a good way to execute such job for example command line via SSH?

      Regards,

      Michael Schefczyk

      1 Reply Last reply Reply Quote 0
      • M
        maverick_slo
        last edited by

        Hello!
        Acme2 is out and wildcard certs (test) as well.
        Acme.sh also supports new v2 protocol.
        Can we expect package update before feb 27th?
        Thanks!

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          v2 is not "out" yet, there is a staging server for it.

          I just synchronized to the latest acme.sh code on the 5th but their v2 support is still in a separate branch.

          We won't be adding support until at least they merge it into their master branch. It's still super early and there isn't any practical use for it yet, the v2 staging servers are not trusted by anyone either.

          tl;dr: We'll support it when it's ready, and it isn't ready yet, but we are keeping a very close eye on it.

          Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • M
            maverick_slo
            last edited by

            Thanks, perfect answer 😊

            1 Reply Last reply Reply Quote 0
            • S
              shan52
              last edited by

              Hi, I am new to Pfsense. What is ACME?

              1 Reply Last reply Reply Quote 0
              • GertjanG
                Gertjan
                last edited by

                @shan52:

                Hi, I am new to Pfsense. What is ACME?

                Checkout ACME.
                It's also the name of a pfSense package.
                I advise you also to start reading here https://letsencrypt.org/

                edit : stupid me, I replied to a spammer ….

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                1 Reply Last reply Reply Quote 0
                • H
                  hakkers
                  last edited by

                  Hi Jimp,

                  Just upgraded to version 0.1.34 (on pfSense 2.3.5_p1), on a manual 'Issue/Renew' i'm now getting:

                  [Thu Jan 11 20:32:39 CET 2018] Verifying:jetmix.nl
                  [Thu Jan 11 20:32:39 CET 2018] Standalone mode server
                  echo: write error on stdout
                  echo: write error on stdout
                  echo: write error on stdout
                  echo: write error on stdout
                  [Thu Jan 11 20:32:43 CET 2018] jetmix.nl:Verify error:Invalid response from ...
                  

                  Edit: i revisited the config and saved it ones more, now the error is gone… solved.

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    Hmm, I'll have to setup a test for that. I have tested standalone mode (IPv4 and IPv6) on 2.4.x but I didn't test it on 2.3.x. I don't immediately see what would make a difference or cause that error, however.

                    Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • H
                      hakkers
                      last edited by

                      Hi Jimp,
                      Edited my original post: a revisit of the config and save solved the problem.

                      Thanks for the reply.

                      1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        ok, thanks!

                        Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • P
                          packetman_
                          last edited by

                          I've been attempting to get this working for the past few days now.
                          At first I was trying on IPv4 and kept getting 400 timeouts. Now I am attempting on my IPv6 address, and can confim that the packets are not blocked by the firewall due to my permit statment having hits.
                          I am getting the error```
                          Error, can not get domain token fw.pardigital.net

                          1 Reply Last reply Reply Quote 0
                          • jimpJ
                            jimp Rebel Alliance Developer Netgate
                            last edited by

                            @packetman_:

                            I've been attempting to get this working for the past few days now.
                            At first I was trying on IPv4 and kept getting 400 timeouts. Now I am attempting on my IPv6 address, and can confim that the packets are not blocked by the firewall due to my permit statment having hits.
                            I am getting the error```
                            Error, can not get domain token fw.pardigital.net

                            That's actually the script unable to parse a response back from ACME, and not something local failing. There must be something in the response they are sending that is different for that domain or unexpected in some way. The code around where that message is triggered hasn't changed in nearly a year or more. Please start a new thread to investigate that on its own since it doesn't appear to be related to this update.

                            Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                            Need help fast? Netgate Global Support!

                            Do not Chat/PM for help!

                            1 Reply Last reply Reply Quote 0
                            • P
                              packetman_
                              last edited by

                              Of course this isn't a general discussion thread, my mistake .

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.