Is the WebGUI missing Acme DNS Alias Verification?



  • First, thank you pfSense dev team for implementing the Acme protocol. I have definitely put it to good use.

    But....

    Maybe I'm missing it... does the pfSense WebGUI include Acme.sh support for DNS Alias Mode?

    DNS Alias Verification mode is explained here:
    https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode

    I believe acme.sh v2.7.9 used in pfSense 2.4.3 has support for it but I can't seem to find it in the certificate verification pull down choices in the WebGUI.

    If it doesn't, is there a way to run the acme.sh command line in such a way as to generate a new Let's Encrypt cert using Acme DNS Alias Verification and have the new cert(s) show up in the pfSense Certificate Manager?

    BobC



  • Hi,
    Look here, scroll down a little bit.
    This is what you are looking for?



  • Yes, that is it...

    My apologies. I missed it in my forum search.

    Thank you Gertjan!



  • Hey Folks -

    I am confused how this is implemented in 2.4.4.

    I see the "Enable DNS alias mode:" in DNS-Manual method.

    I don't want DNS-Manual method. I've tried that with a _acme-challange.importantDomain CNAME to aliasDomainForValidation but it's looking for a TXT record with a string of letters and numbers.

    According to the github page referenced in the original post, to issue a cert the acme cli ends up being something like:

    acme.sh --issue \
    -d importantDomain.com --challenge-alias aliasDomainForValidationOnly.com --dns dns_cf

    So where is the "dns_cf" Method in the pfSense WebUI?

    Or do you have to initially do the DNS-Manual method, then change the TXT record?

    Sorry if I'm missing something obvious...

    BobC


  • Rebel Alliance Developer Netgate

    dns_cf is the DNS-Cloudflare selection in the ACME certificate settings.

    When you choose that, there is still a box for Enable DNS alias mode to do what you want.
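
Added example, not part of the thread or of pfSense/acme.sh: a pre-flight check that the CNAME delegation matches what `--challenge-alias` expects according to the acme.sh DNS alias mode wiki linked above, namely `_acme-challenge.<domain>` pointing at `_acme-challenge.<alias>`. The record set, the `misconfigured.example` name and the function names are constructed for illustration; on a live system `lookup_cname` would be replaced by a resolver query such as `dig +short CNAME`.

```shell
#!/bin/sh
# Constructed sample records: "name TYPE value". Not real DNS data.
RECORDS='
_acme-challenge.importantdomain.com CNAME _acme-challenge.aliasdomainforvalidationonly.com.
_acme-challenge.misconfigured.example CNAME aliasdomainforvalidationonly.com.
'

# Normalise a DNS name: lower-case it and strip one trailing dot.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# Print the CNAME target for a name, looked up in the constructed record set.
# Assumption: swap the body for `dig +short CNAME "$1"` to query real DNS.
lookup_cname() {
    name=$(norm "$1")
    printf '%s\n' "$RECORDS" |
        awk -v n="$name" 'tolower($1) == n && $2 == "CNAME" { print $3; exit }'
}

# check_alias DOMAIN ALIAS
# Returns 0 if the delegation is what --challenge-alias ALIAS needs,
# 1 if a CNAME exists but points elsewhere, 2 if there is no CNAME at all.
check_alias() {
    domain=$(norm "$1")
    alias_domain=$(norm "$2")
    want="_acme-challenge.$alias_domain"
    got=$(norm "$(lookup_cname "_acme-challenge.$domain")")
    if [ -z "$got" ]; then
        echo "missing: no CNAME at _acme-challenge.$domain"
        return 2
    elif [ "$got" = "$want" ]; then
        echo "ok: TXT will be written at $want"
        return 0
    else
        # A CNAME to the bare alias domain lands here: the target lacks the
        # _acme-challenge prefix, so the TXT record is never found through it.
        echo "mismatch: CNAME points to $got, expected $want"
        return 1
    fi
}

check_alias importantDomain.com aliasDomainForValidationOnly.com
check_alias misconfigured.example aliasDomainForValidationOnly.com || true
```
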