Netgate Discussion Forum

    Lets Encrypt certificate files in /conf/acme - What is what here?

    • coder

      Hi,

      Can anybody explain what files are saved to /conf/acme when generating a Let's Encrypt wildcard certificate? I have created a script for copying certificate files upon renewal to a VPS server in the cloud. And there I want to configure nginx to use the correct certificate files to enable ssl for ex. site.mydomain.com using this wildcard certificate.

      Setting up nginx certificate files for ssl_certificate vs ssl_certificate_key, one typically uses the fullchain .pem for ssl_certificate configuration key in /template/ssl_tmpl (nginx), and the privkey.key for ssl_certificate_key configuration key in /template/ssl_tmpl (nginx).

      So, which file from pfSense is to be used here? Or must some of them be converted and merged with other files before they can be used by nginx?

      Regards

      • NollipfSense @coder

        @coder Hope you might find answers here: https://docs.netgate.com/pfsense/en/latest/packages/acme/general.html#validation-process

        pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
        pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

        • Gertjan @coder

          @coder said in Lets Encrypt certificate files in /conf/acme - What is what here?:

          So, which file ....

          Shouldn't be that hard :

          [2.5.1-RELEASE][admin@pfsense.my-pfsense.net]/conf/acme: ls -al
          total 32
          drwxr-xr-x  2 root  wheel  1024 Sep 27  2018 .
          drwxr-xr-x  4 root  wheel  2048 Apr 21 09:12 ..
          -rw-r--r--  1 root  wheel  7069 Mar 22 03:17 V2_my-pfsense.all.pem
          -rw-r--r--  1 root  wheel  1586 Mar 22 03:17 V2_my-pfsense.ca
          -rw-r--r--  1 root  wheel  2236 Mar 22 03:17 V2_my-pfsense.crt
          -rw-r--r--  1 root  wheel  3822 Mar 22 03:17 V2_my-pfsense.fullchain
          -rw-r--r--  1 root  wheel  3247 Mar 22 03:17 V2_my-pfsense.net.key
          

          The 'fullchain' is the crt+ca added.
          The 'pem' is the crt+key+ca added.

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          • coder @Gertjan

            @gertjan

            Thanks! Ok, so maybe the .fullchain file and the .key file, are the ones to be used in nginx!?

            But are they .pem's, or do they need to be converted? I have already tried to configure the .fullchain and .key files in /etc/ssl/certs and /etc/ssl/private respectively in nginx. But it doesn't work. Do I need to do some conversion here, or have I simply done something wrong in the nginx config?

            • Gertjan @coder

              @coder said in Lets Encrypt certificate files in /conf/acme - What is what here?:

              But it doesn't work

              Install Google.

              Type nginx fullchain and Enter.

              Use any of the 984255865 supplied links to guide you.
              Example, the official one is here.

              The "ssl_certificate" setting needs the fullchain.pem ( V2_my-pfsense.fullchain ) file.
              The "ssl_certificate_key" setting needs the privkey.pem (my V2_my-pfsense.net.key) file.

              You could also have a look at this file :
              /var/etc/nginx-webConfigurator.conf
              It's the web configuration file of pfSense.
              Guess what : pfSense uses nginx.

              ...		
              		ssl_certificate         /var/etc/cert.crt;
              		ssl_certificate_key     /var/etc/cert.key;
              ...
              

              and compare these two files with what you found in /cf/conf/acme/ (that is, if you obtain your certs using the pfSense acme package).

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??
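
An added example, not from the thread or the pfSense acme package: a pre-flight script for the VPS side that checks the copied .fullchain and .key files are PEM, that the key belongs to the leaf certificate, and that the key is not readable by group or other (the listing above shows the .key as -rw-r--r--). The /etc/ssl paths come from coder's post; the function names and the script name check.sh are made up for illustration, and the openssl CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for files copied from
# pfSense /conf/acme before pointing nginx at them. Paths/names are assumptions.

# Count lines in FILE ($1) matching a PEM header regex ($2); prints 0 if unreadable.
count_pem() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -e "$2" "$1" || true
}
count_certs() { count_pem "$1" '^-----BEGIN CERTIFICATE-----'; }
count_keys()  { count_pem "$1" '^-----BEGIN [A-Z ]*PRIVATE KEY-----'; }

# True when group and other have no permission bits set (e.g. -rw-------).
key_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True when the first (leaf) certificate in FULLCHAIN ($1) carries the public
# key that belongs to KEY ($2). Requires the openssl CLI.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run all checks for an ssl_certificate ($1) / ssl_certificate_key ($2) pair.
check_pair() {
    rc=0
    [ "$(count_certs "$1")" -ge 2 ] || echo "WARN: $1 holds fewer than 2 certificates (no CA chain?)"
    [ "$(count_keys "$1")" -eq 0 ] || { echo "FAIL: $1 contains a private key (crt+key+ca bundle?)"; rc=1; }
    [ "$(count_keys "$2")" -eq 1 ] || { echo "FAIL: $2 is not a single PEM private key"; rc=1; }
    key_is_private "$2" || { echo "FAIL: $2 is accessible to group/other; chmod 600 it"; rc=1; }
    cert_matches_key "$1" "$2" || { echo "FAIL: $2 does not match the leaf certificate in $1"; rc=1; }
    return "$rc"
}

# Example: sh check.sh /etc/ssl/certs/V2_my-pfsense.fullchain /etc/ssl/private/V2_my-pfsense.net.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

Run it from the copy script after each renewal and reload nginx only when it exits 0; `nginx -t` then confirms the configuration itself parses.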
