Understanding ACME package



  • Hi all, I'm reading documentation about certbot/letsencrypt.
    I found the ACME package.
    Please consider that my experience is limited and I'm trying to figure out the logical flow before all.

    Consider the scenario of a single web server with some virtual hosts.
    pfSense/ACME takes care of generating and renewing one or more certificates.
    In other words, they stay on pfSense and not on the web server.
    Will I then have to set up HAProxy as a reverse proxy?


  • Rebel Alliance Developer Netgate

    That depends on what you want to do with them.

    You can have pfSense handle the certificates using the ACME package and HAProxy, and then HAProxy will hand off to the web server.

    Or if you use a port forward or 1:1 NAT to redirect traffic back to a web server behind pfSense, then pfSense would not have any involvement in the certificates for that web server. You would install certbot or something similar on your web server and that wouldn't have anything to do with pfSense.



  • Or if you use a port forward or 1:1 NAT to redirect traffic back to a web server behind pfSense, then pfSense would not have any involvement in the certificates for that web server. You would install certbot or something similar on your web server and that wouldn't have anything to do with pfSense.

    nextcloud

    collabora

    • Remove port forwarding

    • Install HAProxy

    • Configure a backend for the Debian host with nextcloud with SSL offload

    • Configure a backend for the second host with collabora

    • Configure collabora in SSL termination mode

    • Configure ACME to create and update certificates for my virtual hosts

