Netgate Discussion Forum

    Automatically renew Let's Encrypt with Squid reverse proxy

    13 Posts 7 Posters 5.5k Views
    • J
      joppybt
      last edited by

      [Posted before in a topic by someone else, bad idea, it was unanswered]

      I want to use a Let's Encrypt certificate with the Squid reverse proxy.
      Renewal of the certificate all works fine but Squid keeps serving the old certificate.

      The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help. Even when I ssh into the box and do this restart manually it makes no difference.
      What however does help is pressing Save in the Squid reverse proxy page.

      My guess: Squid makes a local copy of the certificates in "/usr/local/etc/squid" and only refreshes this on Save, not on reload.

      Is there a way to do this 'Save' as renewal action after the ACME refresh?

      1 Reply Last reply Reply Quote 0
      • D
        doktornotor Banned
        last edited by

        @joppybt:

        The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help.

        Won't work, you need something like squid_resync_general() (see squid.inc)

        1 Reply Last reply Reply Quote 0
        • F
          ferao
          last edited by

          @joppybt:

          [Posted before in a topic by someone else, bad idea, it was unanswered]

          I want to use a Let's Encrypt certificate with the Squid reverse proxy.
          Renewal of the certificate all works fine but Squid keeps serving the old certificate.

          The renew action is set to /usr/local/etc/rc.d/squid.sh restart but that does not help. Even when I ssh into the box and do this restart manually it makes no difference.
          What however does help is pressing Save in the Squid reverse proxy page.

          My guess: Squid makes a local copy of the certificates in "/usr/local/etc/squid" and only refreshes this on Save, not on reload.

          Is there a way to do this 'Save' as renewal action after the ACME refresh?

          Hi - I'm having the same problem with Squid, did you solve this so that the certificate autoupdates in squid? - and if so, how? :-)

          1 Reply Last reply Reply Quote 0
          • D
            doktornotor Banned
            last edited by

            The solution is right above your post.

            1 Reply Last reply Reply Quote 0
            • F
              ferao
              last edited by

              @doktornotor:

              The solution is right above your post.

              Yes, and I tried to insert both:

              squid_resync_general()

              and

              require 'squid.inc'; squid_resync_general();

              as a php command script under Actions for my certificate, but it did not work.
              I'm not experienced with this, so I'm at a loss, and so far, researching php commands and pfsense did not provide a final solution.

              1 Reply Last reply Reply Quote 0
              • F
                ferao
                last edited by

                @ferao:

                @doktornotor:

                The solution is right above your post.

                Yes, and I tried to insert both:

                squid_resync_general()

                and

                require 'squid.inc'; squid_resync_general();

                as a php command script under Actions for my certificate, but it did not work.
                I'm not experienced with this, so I'm at a loss, and so far, researching php commands and pfsense did not provide a final solution.

                Since I was unable to find the correct syntax / solution on my own, I was hoping that someone else, better at pfsense / php, would be so kind that they would provide me with the solution, if it was known to them.

                Regards

                1 Reply Last reply Reply Quote 0
                • F
                  ferao
                  last edited by

                  @doktornotor:

                  The solution is right above your post.

                  Would you be so kind as to write the correct command with syntax and all? Would that be possible?

                  Thanks in advance.

                  1 Reply Last reply Reply Quote 0
                  • F
                    ferao
                    last edited by

                    @doktornotor:

                    The solution is right above your post.

                    Hi Doktornotor

                    Can I trouble you for the correct syntax for this command?

                    1 Reply Last reply Reply Quote 0
                    • B
                      Bigdaddy168
                      last edited by

                      Has someone found a solution for resyncing the squid certs and/or restarting squid?

                      Thanks

                      1 Reply Last reply Reply Quote 0
                      • C
                        chgonzalez
                        last edited by

                        I'm facing the same issue. Has anyone found a solution?

                        I'm googling about "squid_resync_general()" but can't find anything useful :(

                        1 Reply Last reply Reply Quote 0
                        • M
                          matthijs
                          last edited by

                          Any news or hints on this? I got ACME/Let's Encrypt working and automated, except for Squid Reverse Proxy (I have to manually reselect the SSL certificate in the web configurator and save and restart Squid Reverse Proxy).

                          1 Reply Last reply Reply Quote 0
                          • M
                            matthijs
                            last edited by

                            ::)

                            1 Reply Last reply Reply Quote 0
                            • M
                              MrEddyIAW
                              last edited by

                              Hello matthijs,

                              I am almost sure I found your solution (I needed it too).

                              Here is my idea:

                              1. run the function which is called when someone presses the 'save button' on 'reverse proxy' GUI page, but run it from the command line.
                              2. and then, restart squid.

                              And here are commands I came up with:

                              using php, include 'squid.inc' and 'squid_reverse.inc' file, launch 'squid_resync_reverse' function

                              php -r "require_once('/usr/local/pkg/squid.inc'); require_once('/usr/local/pkg/squid_reverse.inc'); squid_resync_reverse();"

                              using basic command line, restart squid

                              /usr/local/etc/rc.d/squid.sh restart

                              It worked for me once, while pressing the 'Issue / Renew' button. I now need to wait for xx days to see if it does it automatically too (but it should).

                              Hope it will help you (and others ;-) ).

                              1 Reply Last reply Reply Quote 2
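
The two steps from the post above, combined into one renewal action that also confirms Squid stopped serving the old certificate by comparing SHA-256 fingerprints. This is an added example, not code from the thread or from the pfSense packages; the certificate path, hostname and port are assumptions supplied as arguments.

```shell
#!/bin/sh
# Added example (not from the thread): renewal action that applies the post's
# two steps and then checks that Squid serves the renewed certificate.
# Assumption: caller passes <cert.pem> <hostname> [port]; these are not from the page.

# Steps 1 and 2 from the post: rerun what the GUI "Save" runs, then restart Squid.
resync_and_restart() {
    php -r "require_once('/usr/local/pkg/squid.inc'); require_once('/usr/local/pkg/squid_reverse.inc'); squid_resync_reverse();" &&
        /usr/local/etc/rc.d/squid.sh restart
}

# SHA-256 fingerprint of a PEM certificate file.
file_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate presented on host:port.
served_fingerprint() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Exit codes: 0 served cert matches, 1 stale cert still served,
# 2 renewed cert unreadable, 3 resync or restart failed.
deploy_and_verify() {
    cert_file=$1 host=$2 port=${3:-443}
    want=$(file_fingerprint "$cert_file") || return 2
    [ -n "$want" ] || return 2
    resync_and_restart || return 3
    tries=0
    while [ "$tries" -lt 5 ]; do   # Squid may need a moment to listen again
        got=$(served_fingerprint "$host" "$port")
        [ "$got" = "$want" ] && return 0
        tries=$((tries + 1))
        sleep "${RETRY_DELAY:-2}"
    done
    echo "stale certificate: serving '$got', renewed is '$want'" >&2
    return 1
}

# Run only when arguments are given, e.g. as the ACME renew action.
if [ $# -ge 2 ]; then
    deploy_and_verify "$@"
fi
```

A non-zero exit status from the action means the renewed certificate is not the one being served, which is the symptom the first post describes.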