Netgate Discussion Forum

    LetsEncrypt - DNS

    • B-C

      got it setup for management of the admin portal -
      specifically added only to allow certain inbound to WAN obviously but it is working and appears to have worked -

      using GoDaddy DNS API

      so the question is this..

      I have some additional servers running behind the firewall on non-standard ports
      like 8443 - I can create the LE cert for one of these VMs, just not clear on how the VM gets the cert installed to use?
      using a Service Desk Plus specifically running on debian.

      Possibly best scenario is setting up the LE-Script directly on that … but really liked the setup in pfSense - and saw it appeared others using it for regen of certs / VMs but was wondering how exactly that works.

      (8443 one of the CF allowed ports - at some point would switch then update LE DNS Method to CF)

      Hopefully that made any sense?

      And nice work by the way with all the different APIs didn't know acme had all those in there!

      • Gertjan

        @B-C:

        like 8443 - I can create the LE cert for one of these VMs, just not clear on how the VM gets the cert installed to use?
        using a Service Desk Plus specifically running on debian.

        There is no such thing as a built-in script that copies a certificate (certificate files, or the whole bunch in a 'chained' file) from one device, pfSense, to another device, your server.
        The files have to get moved over, the service - the web server - has to be restarted.
        It is possible of course, but for your setup you need your script.

        When I renew my certificate for my pfSense (pfsense.mynetwork.tld) I also renew for diskstation.mynetwork.tld, printer1.mynetwork.tld, printer2.mynetwork.tld, etc. I have to copy the needed files over to the diskstation, printer1, printer2 etc - most of them do not even have telnet or ssh access, so scripting is impossible.

        Best is to run some Let's Encrypt support from these devices, if it is possible.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??
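
The copy-and-restart step described in the reply above, sketched for the receiving Debian server as an added example (not code from either poster or from the pfSense ACME package). It assumes the renewed files have already been copied into a staging directory; the file names, directories and restart command are hypothetical.

```shell
#!/bin/sh
# Added example. Runs on the server that receives the renewed files.
# File names, directories and the restart command are assumptions.

# pair_matches CERT KEY: succeed only if KEY belongs to the (first) cert in CERT.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# install_if_changed SRC DST MODE
# Returns 0 if DST was replaced, 1 if it was already identical, 2 on error.
install_if_changed() {
    if [ -f "$2" ] && cmp -s "$1" "$2"; then
        return 1
    fi
    # mktemp creates the file 0600 next to DST, so the rename is atomic and
    # the private key is never readable by other users, even briefly.
    tmp=$(mktemp "$2.XXXXXX") || return 2
    cat "$1" > "$tmp" && chmod "$3" "$tmp" && mv -f "$tmp" "$2" && return 0
    rm -f "$tmp"
    return 2
}

# deploy STAGED_CERT STAGED_KEY LIVE_DIR RESTART_CMD
# Prints one of: rejected, failed, unchanged, installed.
deploy() {
    if ! pair_matches "$1" "$2"; then
        echo rejected
        return 1
    fi
    install_if_changed "$2" "$3/privkey.pem" 600 && rc_key=0 || rc_key=$?
    install_if_changed "$1" "$3/fullchain.pem" 644 && rc_crt=0 || rc_crt=$?
    if [ "$rc_key" -gt 1 ] || [ "$rc_crt" -gt 1 ]; then
        echo failed
        return 2
    fi
    if [ "$rc_key" -eq 0 ] || [ "$rc_crt" -eq 0 ]; then
        # Restart only when something changed, so a daily cron run is harmless.
        sh -c "$4" >/dev/null || { echo failed; return 2; }
        echo installed
    else
        echo unchanged
    fi
}

# Constructed usage: deploy.sh /srv/stage/fullchain.pem /srv/stage/privkey.pem /etc/ssl/sdp 'systemctl restart example-web'
if [ "$#" -eq 4 ]; then deploy "$@"; fi
```

A mismatched key and certificate is rejected before anything in the live directory is touched, so a half-finished copy from the firewall cannot take the service down on restart.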
