CertBot / Let'sencrypt

phil123456

Hi,

I need to enable on node to be able to verify my SSL certificates when I create them
so I was wondering if there was no easier way, like a pfsense package that would allow cert validation without disabling front ends manualy

thanks

jimp

We have an ACME package that the firewall can use to issue/renew Let's Encrypt certificates for use by the firewall and services running on the firewall.

If that is not what you are after you are going to have to be a lot more detailed in your request.

What "node"? What "front ends" are you talking about disabling?

phil123456

well I have 3 apache servers behind a pfsense box,

so far

I disable the loadbalancing on two frontends
I certbot on the remaining frontend
once the cert is validated, I modify my apache config on that machine
Then I reenable the two other fronends
there is a replication going on for apache settings and cert files so the other two front ends get updated automaticaly

the problem is that I have to on on the pfsense admin to disable 2 frontends in the load balancer and if I am not there , my users cannot add new certificates for their applications

is it call ACME or is it a generic ACME term ?

jimp

What "load balancer"? Is it relayd or haproxy?

If it is relayd - there is no hope, it cannot be done with ACME/Let's Encrypt.

If you use HAProxy, it can be integrated with ACME/Let's Encrypt, there are many threads for this already.