CertBot / Let's Encrypt

  • Hi,

    I need to enable one node to be able to verify my SSL certificates when I create them,
    so I was wondering if there was no easier way, like a pfSense package that would allow cert validation without disabling front ends manually.


  • Rebel Alliance Developer Netgate

    We have an ACME package that the firewall can use to issue/renew Let's Encrypt certificates for use by the firewall and services running on the firewall.

    If that is not what you are after you are going to have to be a lot more detailed in your request.

    What "node"? What "front ends" are you talking about disabling?

  • Well, I have 3 Apache servers behind a pfSense box.

    So far:

    I disable the load balancing on two frontends
    I certbot on the remaining frontend
    Once the cert is validated, I modify my Apache config on that machine
    Then I re-enable the two other frontends
    There is a replication going on for Apache settings and cert files, so the other two front ends get updated automatically

    The problem is that I have to go on the pfSense admin to disable 2 frontends in the load balancer, and if I am not there, my users cannot add new certificates for their applications.

    Is it called ACME, or is it a generic ACME term?

  • Rebel Alliance Developer Netgate

    What "load balancer"? Is it relayd or haproxy?

    If it is relayd - there is no hope, it cannot be done with ACME/Let's Encrypt.

    If you use HAProxy, it can be integrated with ACME/Let's Encrypt, there are many threads for this already.
