Is the WebGUI missing Acme DNS Alias Verification?

  • First, thank you pfSense dev team for implementing the Acme protocol. I have definitely put it to good use.


    Maybe I'm missing it... does the pfSense WebGUI include support for DNS Alias Mode?

    DNS Alias Verification mode is explained here:

    I believe v2.7.9 used in pfSense 2.4.3 has support for it but I can't seem to find it in the certificate verification pull down choices in the WebGUI.

    If it doesn't, is there a way to run the command line in such a way as to generate a new Let's Encrypt cert using Acme DNS Alias Verification and have the new cert(s) show up in the pfSense Certificate Manager?


  • Hi,
    Look here, scroll down a little bit.
    Is this what you are looking for?

  • Yes, that is it...

    My apologies. I missed it in my forum search.

    Thank you Gertjan!

  • Hey Folks -

    I am confused how this is implemented in 2.4.4.

    I see the "Enable DNS alias mode:" in DNS-Manual method.

    I don't want DNS-Manual method. I've tried that with a _acme-challange.importantDomain CNAME to aliasDomainForValidation but it's looking for a TXT record with a string of letters and numbers.

    According to the github page referenced in the original post, to issue a cert the acme cli ends up being something like: --issue \
    -d --challenge-alias --dns dns_cf

    So where is the "dns_cf" Method in the pfSense WebUI?

    Or do you have to initially do the DNS-Manual method, then change the TXT record?

    Sorry if I'm missing something obvious...


  • Rebel Alliance Developer Netgate

    dns_cf is the DNS-Cloudflare selection in the ACME certificate settings.

    When you choose that, there is still a box for Enable DNS alias mode to do what you want.
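
How a dns-01 check resolves in alias mode, as an added example that is not part of the thread and not pfSense or acme.sh code: the validator follows the CNAME from the certificate domain's `_acme-challenge` name and expects the TXT value defined in RFC 8555 at the alias target. The zone contents, domain names, token and account thumbprint are constructed for illustration.

```python
import base64
import hashlib


def dns01_txt_value(token: str, account_thumbprint: str) -> str:
    """RFC 8555 s8.4: base64url(SHA-256(token + "." + thumbprint)), unpadded."""
    key_authorization = f"{token}.{account_thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def resolve_challenge(zone: dict, domain: str, max_hops: int = 8):
    """Follow CNAMEs from _acme-challenge.<domain>; return (final_name, txts)."""
    name = f"_acme-challenge.{domain}".lower().rstrip(".")
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        records = zone.get(name, {})
        if "CNAME" in records:
            name = records["CNAME"].lower().rstrip(".")
            continue
        return name, records.get("TXT", [])
    raise ValueError("too many CNAME hops")


def check_alias_setup(zone: dict, domain: str, token: str, thumbprint: str):
    """Return (name where the TXT was looked up, whether the expected TXT is there)."""
    expected = dns01_txt_value(token, thumbprint)
    final_name, txts = resolve_challenge(zone, domain)
    return final_name, expected in txts


# Constructed sample data (not real challenge values).
TOKEN = "constructed-token-123"
THUMBPRINT = "constructed-account-thumbprint"
ZONE = {
    # Static CNAME kept in the zone of the domain the certificate is for.
    "_acme-challenge.important.example": {
        "CNAME": "_acme-challenge.validation.example."},
    # TXT written by the DNS API plugin in the alias zone.
    "_acme-challenge.validation.example": {
        "TXT": [dns01_txt_value(TOKEN, THUMBPRINT)]},
}

if __name__ == "__main__":
    print(check_alias_setup(ZONE, "important.example", TOKEN, THUMBPRINT))
```

Only the alias zone needs API credentials that can write records; the certificate domain's zone carries just the static CNAME.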
