Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    /usr/local/pkg/acme/acme_command.sh importcert

    Scheduled Pinned Locked Moved
    ACME
    3
    4
    531
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      luisenrique
      last edited by

      like the command help says:

      /usr/local/pkg/acme/acme_command.sh
      Use acme_command.sh like this:
      acme_command.sh renewall
      acme_command.sh importcert MyCertificate DomainName CertKeyPath CertPath CaCertPath CertFullChainPath
      acme_command.sh deploykey MyCertificate DomainName Token Payload
      acme_command.sh removekey MyCertificate DomainName Token
      acme_command.sh -- -perform=issue -certname=MyCertificate [-force]
      i run
      /usr/local/pkg/acme/acme_command.sh importcert Myibicsa ibicsa.co.cu iBICSA.CO.CU.key iBICSA.CO.CU.crt iBICSA.CO.CU.ca iBICSA.CO.CU.fullchain
      but nothin happens. my question is if i can execute alone this script to import from command line in another pfsense wiout internet access on it afther my certs are copiet to it. i'm looking and looking for some solution.
      regards
      /usr/local/pkg/acme/acme_command.sh
      Use acme_command.sh like this:
      acme_command.sh renewall
      acme_command.sh importcert MyCertificate DomainName CertKeyPath CertPath CaCertPath CertFullChainPath
      acme_command.sh deploykey MyCertificate DomainName Token Payload
      acme_command.sh removekey MyCertificate DomainName Token
      acme_command.sh -- -perform=issue -certname=MyCertificate [-force]
      i run
      /usr/local/pkg/acme/acme_command.sh importcert Myibicsa ibicsa.co.cu iBICSA.CO.CU.key iBICSA.CO.CU.crt iBICSA.CO.CU.ca iBICSA.CO.CU.fullchain
      but nothin happens. my question is if i can execute alone this script to import from command line in another pfsense wiout internet access on it afther my certs are copiet to it. i'm looking and looking for some solution.
      regards

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That script is not intended to be used manually, only by the ACME package itself as a part of the renewal process.

        It might work, it might not. I'd lean toward it not working, at least not how you expect.

        First thing I'd try is to use the full path to the files and not just the filenames.

        Remember: Upvote with the πŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 1
        • L
          luisenrique
          last edited by luisenrique

          hi @jimp i run the command in the directory where the certificates are, once executed apparently does not do anything, then I go to the web configuration and I see that I added a blank entry in acme certificates, so enable and edit that entry with the corresponding name ony, run issue button and i see in the system/certificate manager a private key alone... themr again execute the command with the paths of files and keys and there is the certificate imported.
          This command should be able to be executed manually, thus removing headaches using third-party scripts
          please sorry about my english and thanks for u time

          GertjanG 1 Reply Last reply Reply Quote 0
          • GertjanG
            Gertjan @luisenrique
            last edited by Gertjan

            @luisenrique said in /usr/local/pkg/acme/acme_command.sh importcert:

            thus removing headaches using third-party scripts

            The acme package could be considered as a third party script
            Ok, true, it has been developed by someone who happens to know pfSense pretty well.

            The thing is : the acme package is build own the existent acme freebsd package, and a boatload of GUI and other glue ware. If @jimp decides to remodel the package, your 'solution' will be broken.

            I advise you to use parts of the present (acme) code to make your own "insert cert" script.

            Btw : check out the code (acme.inc) : the cert should exists already :

            ($cert['descr'] == $certificatename)

            thus the cert description / name should already exists, and then it's updated.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

            1 Reply Last reply Reply Quote 1
            • First post
              Last post