Is the WebGUI missing Acme DNS Alias Verification?
-
First, thank you pfSense dev team for implementing the Acme protocol. I have definitely put it to good use.
But....
Maybe I'm missing it... does the pfSense WebGUI include Acme.sh support for DNS Alias Mode?
DNS Alias Verification mode is explained here:
https://github.com/Neilpang/acme.sh/wiki/DNS-alias-modeI believe acme.sh v2.7.9 used in pfSense 2.4.3 has support for it but I can't seem to find it in the certificate verification pull down choices in the WebGUI.
If it doesn't, is there a way to run the acme.sh command line in such a way as to generate a new Let's Encrypt cert using Acme DNS Alias Verification and have the new cert(s) show up in the pfSense Certificate Manager?
BobC
-
-
-
Hey Folks -
I am confused how this is implemented in 2.4.4.
I see the "Enable DNS alias mode:" in DNS-Manual method.
I don't want DNS-Manual method. I've tried that with a _acme-challange.importantDomain CNAME to aliasDomainForValidation but it's looking for a TXT record with a sting of letters and numbers.
According to the github page referenced in the original post, to issue a cert the acme cli ends up being something like:
acme.sh --issue \
-d importantDomain.com --challenge-alias aliasDomainForValidationOnly.com --dns dns_cfSo where is the "dns_cf" Method in the pfSense WebUI?
Or do you have to initially do the DNS-Manual method, then change the TXT record?
Sorry if I'm missing something obvious...
BobC
-
dns_cfis the DNS-Cloudflare selection in the ACME certificate settings.When you choose that, there is still a box for Enable DNS alias mode to do what you want.
