Automatically renew Let's Encrypt with Squid reverse proxy



  • [Posted before in a topic by someone else, bad idea, it was unanswered]

    I want to use a Let's Encrypt certificate with the Squid reverse proxy.
    Renewal of the certificate all works fine but Squid keeps serving the old certificate.

    The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help. Even when I ssh into the box and do this restart manually it makes no difference.
    What however does help is pressing Save in the Squid reverse proxy page.

    My guess: Squid makes a local copy of the certificates in "/usr/local/etc/squid" and only refreshes this on Save, not on reload.

    Is there a way to do this 'Save' as renewal action after the ACME refresh?


  • Banned

    @joppybt:

    The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help.

    Won't work, you need something like squid_resync_general() (see squid.inc)



  • @joppybt:

    [Posted before in a topic by someone else, bad idea, it was unanswered]

    I want to use a Let's Encrypt certificate with the Squid reverse proxy.
    Renewal of the certificate all works fine but Squid keeps serving the old certificate.

    The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help. Even when I ssh into the box and do this restart manually it makes no difference.
    What however does help is pressing Save in the Squid reverse proxy page.

    My guess: Squid makes a local copy of the certificates in "/usr/local/etc/squid" and only refreshes this on Save, not on reload.

    Is there a way to do this 'Save' as renewal action after the ACME refresh?

    Hi - I'm having the same problem with Squid, did you solve this so that the certificate autoupdates in squid? - and if so, how? :-)


  • Banned

    The solution is right above your post.



  • @doktornotor:

    The solution is right above your post.

    Yes, and I tried to insert both:

    squid_resync_general()

    and

    require 'squid.inc'; squid_resync_general();

    as a PHP command script under Actions for my certificate, but it did not work.
    I'm not experienced with this, so I'm at a loss, and so far, researching PHP commands and pfSense did not provide a final solution.



  • @ferao:

    @doktornotor:

    The solution is right above your post.

    Yes, and I tried to insert both:

    squid_resync_general()

    and

    require 'squid.inc'; squid_resync_general();

    as a PHP command script under Actions for my certificate, but it did not work.
    I'm not experienced with this, so I'm at a loss, and so far, researching PHP commands and pfSense did not provide a final solution.

    Since I was unable to find the correct syntax / solution on my own, I was hoping that someone else, better at pfSense / PHP, would be so kind as to provide me with the solution, if it was known to them.

    Regards



  • @doktornotor:

    The solution is right above your post.

    Would you be so kind as to write the correct command with syntax and all? Would that be possible?

    thanks in advance.



  • @doktornotor:

    The solution is right above your post.

    Hi Doktornotor

    Can I trouble you for the correct syntax for this command?



  • Has someone found a solution for resyncing the Squid certs and/or restarting Squid?

    Thanks



  • I'm facing the same issue. Has anyone found a solution?

    I'm googling about "squid_resync_general()" but can't find anything useful :(



  • Any news or hints on this? I got ACME/Let's Encrypt working and automated, except for Squid Reverse Proxy (I have to manually reselect the SSL certificate in the web configurator and save and restart Squid Reverse Proxy).



  • ::)



  • Hello matthijs,

    I am almost sure I found your solution (I needed it too).

    Here is my idea :

    1. run the function which is called when someone presses the 'save button' on 'reverse proxy' GUI page, but run it from the command line.
    2. and then, restart squid.

    And here are commands I came up with:

    using php, include 'squid.inc' and 'squid_reverse.inc' file, launch 'squid_resync_reverse' function

    php -r "require_once('/usr/local/pkg/squid.inc'); require_once('/usr/local/pkg/squid_reverse.inc'); squid_resync_reverse();"

    using basic command line, restart squid

    /usr/local/etc/rc.d/squid.sh restart

    It worked for me once, while pressing the 'Issue / Renew' button. I now need to wait for xx days to see if it does it automatically too (but it should).

    Hope it will help you (and others ;-) ).
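
The two steps from the last post, wrapped as a single renewal action that also checks which certificate Squid serves afterwards, so a stale certificate is reported instead of going unnoticed until expiry. This is an added example, not part of the original thread or of the pfSense packages; the function names, the `PHP`, `SQUID_RC` and `SETTLE_SECS` variables, and the three arguments (certificate file, listener address, server name) are assumptions to be filled in for the local setup.

```shell
#!/bin/sh
# Added example. Usage (all three values are placeholders for your setup):
#   squid-acme-hook.sh <renewed-cert.pem> <listener-ip:port> <server-name>

PHP=${PHP:-php}
SQUID_RC=${SQUID_RC:-/usr/local/etc/rc.d/squid.sh}

# SHA-256 fingerprint of a PEM certificate on disk.
disk_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the certificate the listener actually serves.
served_fingerprint() {
    openssl s_client -connect "$1" -servername "$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Run the function behind the reverse proxy 'Save' button, then restart
# Squid (both commands are the ones given in the thread).
resync_and_restart() {
    "$PHP" -r "require_once('/usr/local/pkg/squid.inc'); require_once('/usr/local/pkg/squid_reverse.inc'); squid_resync_reverse();" &&
        "$SQUID_RC" restart
}

# Returns 0 if Squid serves the renewed certificate, 1 if the resync or
# restart failed, 2 if the served certificate is still not the renewed one.
renew_hook() {
    cert_file=$1 addr=$2 name=$3
    resync_and_restart || { echo "squid resync/restart failed" >&2; return 1; }
    sleep "${SETTLE_SECS:-5}"    # give Squid time to open its listener
    want=$(disk_fingerprint "$cert_file")
    got=$(served_fingerprint "$addr" "$name")
    if [ -n "$want" ] && [ "$want" = "$got" ]; then
        echo "squid now serves $got"
        return 0
    fi
    echo "stale certificate: serving '$got', expected '$want'" >&2
    return 2
}

# Only act when called with the three arguments described above.
if [ "$#" -eq 3 ]; then renew_hook "$@"; fi
```

A non-zero exit status from the script can be picked up by whatever monitors the renewal job.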

