Netgate Discussion Forum

    Understanding ACME package

    • sirio81

      Hi all, I'm reading documentation about certbot/letsencrypt.
      I found the ACME package.
      Please consider that my experience is limited and I'm trying to figure out the logical flow first of all.

      Consider the scenario of a single web server with some virtual hosts.
      pfSense/ACME takes care of generating and renewing one or more certificates.
      In other words, they stay on pfSense and not on the web server.
      Will I then have to set up HAProxy as a reverse proxy?

      • jimp Rebel Alliance Developer Netgate

        That depends on what you want to do with them.

        You can have pfSense handle the certificates using the ACME package and HAProxy, and then HAProxy will hand off to the web server.

        Or if you use a port forward or 1:1 NAT to redirect traffic back to a web server behind pfSense, then pfSense would not have any involvement in the certificates for that web server. You would install certbot or something similar on your web server and that wouldn't have anything to do with pfSense.

        • sirio81

          > Or if you use a port forward or 1:1 NAT to redirect traffic back to a web server behind pfSense, then pfSense would not have any involvement in the certificates for that web server. You would install certbot or something similar on your web server and that wouldn't have anything to do with pfSense.

          nextcloud

          collabora

          • Remove port forwarding
          • Install HAProxy
          • Configure a backend for the Debian host with Nextcloud with SSL offload
          • Configure a backend for the second host with Collabora
          • Configure Collabora in SSL termination mode
          • Configure ACME to create and update certificates for my virtual hosts

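The traffic flow this thread arrives at (TLS terminated on pfSense by HAProxy, plain HTTP handed off to the two hosts), sketched as a hand-written haproxy.cfg. This is an added example, not part of the thread and not the configuration the pfSense HAProxy package generates from its GUI; the hostnames, backend addresses, Collabora port and certificate directory are placeholder assumptions.

```haproxy
global
    # Refuse legacy protocol versions on every TLS listener
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    option forwardfor              # pass the client address to the backends
    timeout connect 5s
    timeout client  60s
    timeout server  60s
    timeout tunnel  1h             # keep long-lived WebSocket sessions open

frontend http_in
    bind :80
    # Nothing is served in clear text; every request is sent to HTTPS
    http-request redirect scheme https code 301

frontend https_in
    # Placeholder directory of PEM files (certificate + key) kept current by
    # the ACME client; HAProxy selects the certificate by SNI
    bind :443 ssl crt /etc/haproxy/certs/

    acl host_nextcloud hdr(host) -i cloud.example.com
    acl host_collabora hdr(host) -i office.example.com

    # Host names without a certificate and backend are rejected
    http-request deny unless host_nextcloud or host_collabora

    # Tell the applications that the client side of the connection was HTTPS
    http-request set-header X-Forwarded-Proto https

    use_backend nextcloud if host_nextcloud
    use_backend collabora if host_collabora

backend nextcloud
    # "SSL offload": TLS ends on the firewall, this hop is plain HTTP
    server nextcloud1 192.0.2.10:80 check

backend collabora
    # Collabora set to SSL termination mode: it listens without TLS but
    # generates https:// links because the proxy terminates TLS for it
    server collabora1 192.0.2.11:9980 check
```

With this layout the private keys exist only on the firewall, and the hop from HAProxy to each backend is unencrypted, so it should stay on a network segment you trust or be re-encrypted with `ssl verify required ca-file ...` on the `server` lines.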
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.