LetsEncrypt - DNS



  • got it setup for management of the admin portal -
    specifically added only to allow certain inbound to WAN obviously but it is working and appears to have worked -

    using Godaddy DNS API

    so the question is this..

    I have some additional servers running behind the firewall on non-standard ports
    like 8443 - I can create the LE cert for one of these VMs, just not clear on how the VM gets the cert installed to use?
    using a Service Desk Plus specifically running on debian.

    Possibly best senario is setting up the LE-Script directly on that … but really liked the setup in PFsense - and saw it appeared others using it for regen of certs / VMs but was wondering how exactly that works.

    (8443 one of the CF allowed ports - at some point would switch then update LE DNS Method to CF)

    Hopefully that made any sense?

    And nice work by the way with all the different APIs didn't know acme had all those in there!



  • @B-C:

    like 8443 - I can create the LE cert for one of these VMs, just not clear on how the VM gets the cert installed to use?
    using a Service Desk Plus specifically running on debian.

    There is no such thing as a buildin script that copies a certificate (certificate files, or the whole bunch in a 'chained' file) from one device, pfSense, to another device, your server.
    The files have to get moved over, the service - the web server - has to be restarted.
    It is possible of course, but for your setup you need your script.

    When I renew my certificate for my pfsense (pfsense.mynetwork.tld) I also renew for diskstation.mynetwork.tld, printer1.mynetwork.tld printer2.mynetwork.tld, etc. I have to copies the needed  files over to the diskstation, printer1, printer2 etc - most of them do not even have a telnet or ssh access, so scripting is impossible.

    Best is to run some letsenscrypt support from these devices, if it is possible.