Netgate Discussion Forum

    Is the WebGUI missing Acme DNS Alias Verification?

    • tazmo

      First, thank you pfSense dev team for implementing the Acme protocol. I have definitely put it to good use.

      But....

      Maybe I'm missing it... does the pfSense WebGUI include Acme.sh support for DNS Alias Mode?

      DNS Alias Verification mode is explained here:
      https://github.com/Neilpang/acme.sh/wiki/DNS-alias-mode

      I believe acme.sh v2.7.9 used in pfSense 2.4.3 has support for it but I can't seem to find it in the certificate verification pull down choices in the WebGUI.

      If it doesn't, is there a way to run the acme.sh command line in such a way as to generate a new Let's Encrypt cert using Acme DNS Alias Verification and have the new cert(s) show up in the pfSense Certificate Manager?

      BobC

      • Gertjan

        Hi,
        Look here, scroll down a little bit.
        Is this what you are looking for?

        • tazmo

          Yes, that is it...

          My apologies. I missed it in my forum search.

          Thank you Gertjan!

          • tazmo

            Hey Folks -

            I am confused how this is implemented in 2.4.4.

            I see the "Enable DNS alias mode:" in DNS-Manual method.

            I don't want DNS-Manual method. I've tried that with a _acme-challange.importantDomain CNAME to aliasDomainForValidation but it's looking for a TXT record with a string of letters and numbers.

            According to the github page referenced in the original post, to issue a cert the acme cli ends up being something like:

            acme.sh --issue \
            -d importantDomain.com --challenge-alias aliasDomainForValidationOnly.com --dns dns_cf

            So where is the "dns_cf" Method in the pfSense WebUI?

            Or do you have to initially do the DNS-Manual method, then change the TXT record?

            Sorry if I'm missing something obvious...

            BobC

            • jimp Rebel Alliance Developer Netgate

              dns_cf is the DNS-Cloudflare selection in the ACME certificate settings.

              When you choose that, there is still a box for Enable DNS alias mode to do what you want.

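A pre-flight check for the alias setup discussed in this thread, added here as an example; it is not part of any post, of pfSense, or of acme.sh. It verifies offline, from `dig +noall +answer` style text, that the challenge name of the certificate domain is a CNAME to the challenge name of the alias domain, which is where `--challenge-alias` expects the TXT record to be written. The function names `challenge_name` and `check_alias` and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline pre-flight check for acme.sh DNS alias mode.
# Function names and sample records are constructed for illustration.

# Challenge record name for a domain. A wildcard ("*.example.com") is
# validated at the base name, so a leading "*." is dropped.
challenge_name() {
    d=${1#\*.}
    printf '_acme-challenge.%s' "${d%.}" | tr '[:upper:]' '[:lower:]'
}

# check_alias DOMAIN ALIAS ANSWER
# ANSWER: text in `dig +noall +answer` format, e.g. from
#   dig +noall +answer _acme-challenge.DOMAIN CNAME
# Status 0: CNAME matches what --challenge-alias ALIAS needs.
# Status 1: CNAME exists but points elsewhere.  Status 2: no CNAME found.
check_alias() {
    owner=$(challenge_name "$1")
    target=$(challenge_name "$2")
    printf '%s\n' "$3" | awk -v o="$owner" -v t="$target" '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        $4 == "CNAME" && norm($1) == o { found = 1; got = norm($5) }
        END {
            if (!found)   { print "no CNAME at " o; exit 2 }
            if (got != t) { print "CNAME -> " got ", expected " t; exit 1 }
            print "ok: " o " -> " t
        }'
}

# Constructed sample answers, not real lookups.
GOOD='_acme-challenge.importantDomain.com. 300 IN CNAME _acme-challenge.aliasDomainForValidationOnly.com.'
# Target is the bare alias: right for --domain-alias, wrong for --challenge-alias.
BARE='_acme-challenge.importantDomain.com. 300 IN CNAME aliasDomainForValidationOnly.com.'

check_alias importantDomain.com aliasDomainForValidationOnly.com "$GOOD"
check_alias importantDomain.com aliasDomainForValidationOnly.com "$BARE" || true
```

Against live DNS, pass the output of the `dig` command shown in the comment as the third argument before enabling DNS alias mode for the certificate.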
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.