Is the WebGUI missing Acme DNS Alias Verification?
-
First, thank you pfSense dev team for implementing the Acme protocol. I have definitely put it to good use.
But....
Maybe I'm missing it... does the pfSense WebGUI include Acme.sh support for DNS Alias Mode?
DNS Alias Verification mode is explained here:
https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode
I believe acme.sh v2.7.9 used in pfSense 2.4.3 has support for it but I can't seem to find it in the certificate verification pull down choices in the WebGUI.
If it doesn't, is there a way to run the acme.sh command line in such a way as to generate a new Let's Encrypt cert using Acme DNS Alias Verification and have the new cert(s) show up in the pfSense Certificate Manager?
BobC
-
Hey Folks -
I am confused how this is implemented in 2.4.4.
I see the "Enable DNS alias mode:" in DNS-Manual method.
I don't want DNS-Manual method. I've tried that with a _acme-challange.importantDomain CNAME to aliasDomainForValidation but it's looking for a TXT record with a string of letters and numbers.
According to the github page referenced in the original post, to issue a cert the acme cli ends up being something like:
acme.sh --issue \
  -d importantDomain.com --challenge-alias aliasDomainForValidationOnly.com --dns dns_cf
So where is the "dns_cf" Method in the pfSense WebUI?
Or do you have to initially do the DNS-Manual method, then change the TXT record?
Sorry if I'm missing something obvious...
BobC
-
dns_cf is the DNS-Cloudflare selection in the ACME certificate settings. When you choose that, there is still a box for Enable DNS alias mode to do what you want.
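
An offline pre-flight check for the alias setup discussed in this thread, added here as an example (not code from the posters, pfSense or acme.sh): it follows the CNAME from the `_acme-challenge` name to the record that must hold the TXT value, and shows how that "string of letters and numbers" is derived under RFC 8555. The function names are hypothetical, and the zone data, token and thumbprint are constructed samples.

```python
import base64
import hashlib

# Constructed sample records (not real DNS data): name -> (type, value).
ZONE_OK = {
    "_acme-challenge.importantdomain.com":
        ("CNAME", "_acme-challenge.aliasdomainforvalidationonly.com"),
}
# Constructed failure case: the CNAME exists but its label is misspelled.
ZONE_TYPO = {
    "_acme-challange.importantdomain.com":
        ("CNAME", "_acme-challenge.aliasdomainforvalidationonly.com"),
}

def dns01_txt_value(token, account_thumbprint):
    """RFC 8555 8.4: unpadded base64url of SHA-256(token + '.' + thumbprint)."""
    key_authorization = f"{token}.{account_thumbprint}".encode("ascii")
    digest = hashlib.sha256(key_authorization).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def challenge_name(domain):
    """Validation name for a domain; a wildcard uses its base domain."""
    base = domain.lower().rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    return "_acme-challenge." + base

def txt_location(domain, zone, max_hops=8):
    """Follow CNAMEs from the challenge name to where the TXT must live."""
    name, seen = challenge_name(domain), set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        record = zone.get(name)
        if record is None or record[0] != "CNAME":
            return name
        name = record[1].lower().rstrip(".")
    raise ValueError("CNAME chain longer than max_hops")

def alias_delegated(domain, alias, zone):
    """True if validation of `domain` lands on the alias domain's record."""
    return txt_location(domain, zone) == challenge_name(alias)

if __name__ == "__main__":
    for zone in (ZONE_OK, ZONE_TYPO):
        print(txt_location("importantDomain.com", zone),
              alias_delegated("importantDomain.com",
                              "aliasDomainForValidationOnly.com", zone))
    print(dns01_txt_value("constructed-token", "constructed-thumbprint"))
```

When `alias_delegated` returns False, the TXT lookup stays on the primary domain, so a record published only in the alias zone is never seen.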