-
[Posted before in a topic by someone else, bad idea, it was unanswered]
I want to use a Lets Encrypt certificate with the Squid reverse proxy.
Renewal of the certificate all works fine but Squid keeps serving the old certificate.The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help. Even when I ssh into the box and do this restart manually it makes no difference.
What however does help is pressing Save in the Squid reverse proxy page.My guess: Squid makes a local copy of the certificates in "/usr/local/etc/squid" and only refreshes this on Save, not on reload.
Is there a way to do this 'Save' as renewal action after the ACME refresh?
-
The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help.
Won't work, you need something like squid_resync_general() (see squid.inc)
-
[Posted before in a topic by someone else, bad idea, it was unanswered]
I want to use a Lets Encrypt certificate with the Squid reverse proxy.
Renewal of the certificate all works fine but Squid keeps serving the old certificate.The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help. Even when I ssh into the box and do this restart manually it makes no difference.
What however does help is pressing Save in the Squid reverse proxy page.My guess: Squid makes a local copy of the certificates in "/usr/local/etc/squid" and only refreshes this on Save, not on reload.
Is there a way to do this 'Save' as renewal action after the ACME refresh?
Hi - I'm having the same problem with Squid, did you solve this so that the certificate autoupdates in squid? - and if so, how? :-)
-
The solution is right above your post.
-
The solution is right above your post.
Yes, and i tried to insert both:
squid_resync_general()
and
require 'squid.inc'; squid_resync_general();
as a php command script under Actions for my certificate, but it did not work.
I'm not expirienced with this, so i'm at a loss, and so far, researching php commands and pfsense did not provide a final solution. -
The solution is right above your post.
Yes, and i tried to insert both:
squid_resync_general()
and
require 'squid.inc'; squid_resync_general();
as a php command script under Actions for my certificate, but it did not work.
I'm not expirienced with this, so i'm at a loss, and so far, researching php commands and pfsense did not provide a final solution.Since i was unable to find the correct syntax / solution on my own, i was hoping that someone else, better at pfsense / php, would be so kind that they would provide me with the solution, if it was known to them.
Regards
-
The solution is right above your post.
would you be so kind as to write the correct command with syntax and all? - would that be possible?
thanks in advance.
-
The solution is right above your post.
Hi Doktornotor
Can i trouble you for the correct syntax for this command?
-
Has someone found a solution for resync the squid certs and/or restarting squid?
Thanks
-
I'm facing the same issue. Has anyone found a solution?
I'm googling about "squid_resync_general()" but can't find anything usefull :(
-
Any news or hints on this. I Got Acme/Letsencrypt working and automated accept for Squid Reverse Proxy (I have to manualy reselect the SSL certificate in the web configurator and save and restart Squid Reverse Proxy)
-
::)
-
Hello matthijs,
I am almost sure I find your solution (I needed it too).
Here is my idea :
- run the function which is called when someone presses the 'save button' on 'reverse proxy' GUI page, but run it from the command line.
- and then, restart squid.
And here are commands I came up with:
using php, include 'squid.inc' and 'squid_reverse.inc' file, launch 'squid_resync_reverse' function
php -r "require_once('/usr/local/pkg/squid.inc'); require_once('/usr/local/pkg/squid_reverse.inc'); squid_resync_reverse();"
using basic command line, restart squid
/usr/local/etc/rc.d/squid.sh restart
It worked for me once, while pressing 'Issue / Renwe' button. I know need to wait for xx days to see if it does it automatically too (but it should).
Hope it will help you (and others ;-) ).
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.