-
Dear Jim,
Transporting the certificate files based on scripts outside pfsense appears to be relatively easy to me. As you wrote, daily cron jobs would be sufficient. A bigger hurdle is to upload the certificate to the target system. One would have to replace a given certificate by its successor without changing the name. Is there a good way to execute such job for example command line via SSH?
Regards,
Michael Schefczyk
-
Hello!
Acme2 is out and wildcard certs (test) as well.
Acme.sh also supports new v2 protocol.
Can we expect package update before feb 27th?
Thanks! -
v2 is not "out" yet, there is a staging server for it.
I just synchronized to the latest acme.sh code on the 5th but their v2 support is still in a separate branch.
We won't be adding support until at least they merge it into their master branch. It's still super early and there isn't any practical use for it yet, the v2 staging servers are not trusted by anyone either.
tl;dr: We'll support it when it's ready, and it isn't ready yet, but we are keeping a very close eye on it.
-
Thanks, perfect answer
-
Hi, I am new to Pfsense. What is ACME?
-
-
Hi Jimp,
Just upgraded to version 0.1.34 (on pfSense 2.3.5_p1), on a manual 'Issue/Renew' i'm now getting:
[Thu Jan 11 20:32:39 CET 2018] Verifying:jetmix.nl [Thu Jan 11 20:32:39 CET 2018] Standalone mode server echo: write error on stdout echo: write error on stdout echo: write error on stdout echo: write error on stdout [Thu Jan 11 20:32:43 CET 2018] jetmix.nl:Verify error:Invalid response from ...Edit: i revisited the config and saved it ones more, now the error is gone⦠solved.
-
Hmm, I'll have to setup a test for that. I have tested standalone mode (IPv4 and IPv6) on 2.4.x but I didn't test it on 2.3.x. I don't immediately see what would make a difference or cause that error, however.
-
Hi Jimp,
Edited my original post: a revisit of the config and save solved the problem.Thanks for the reply.
-
ok, thanks!
-
I've been attempting to get this working for the past few days now.
At first I was trying on IPv4 and kept getting 400 timeouts. Now I am attempting on my IPv6 address, and can confim that the packets are not blocked by the firewall due to my permit statment having hits.
I am getting the error```
Error, can not get domain token fw.pardigital.net -
I've been attempting to get this working for the past few days now.
At first I was trying on IPv4 and kept getting 400 timeouts. Now I am attempting on my IPv6 address, and can confim that the packets are not blocked by the firewall due to my permit statment having hits.
I am getting the error```
Error, can not get domain token fw.pardigital.netThat's actually the script unable to parse a response back from ACME, and not something local failing. There must be something in the response they are sending that is different for that domain or unexpected in some way. The code around where that message is triggered hasn't changed in nearly a year or more. Please start a new thread to investigate that on its own since it doesn't appear to be related to this update.
-
Of course this isn't a general discussion thread, my mistake .
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.