ACME, Google Domains and Method for challenge response
-
My brain is hurting from all the reading I did today. My goal was to replace my self signed certificates with signed ones. Here are the three main tutorials I have looked at.
https://doc.pfsense.org/index.php/ACME_package#Validation_Process
https://www.oneos.it/en/network/lets-encrypt-on-pfsense-webconfigurator/
https://blog.artooro.com/2017/02/16/quick-easy-lets-encrypt-setup-on-pfsense-using-acme/Currently I have 2 dynamic DNS clients enabled which are Google Domain Services and OpenDns. To keep things simple and automatic could anyone recommend a method for the ACME challenge. I dont run any public services.
-
The ACME package doesn't have support for either of those DNS providers if you want to update via DNS.
You could use standalone mode, but that would mean leaving port 80 open for it to work which isn't ideal.
-
Well I was able to get the certificate signed using port 443 and standalone mode. I disabled my vpn server and ran the commands. I am just going to manually renew it every 120 days. Thanks for the help hopefully I will find a better solution it is just for my house so not a big deal.