Netgate Discussion Forum

    Automated cert renewal

    • zjgn

      Hi,

      What's the recommended way to automatically update renewed certificates for
      the pfSense GUI?

      What needs to be done:

      1. Add new certificate to
        System → Certificate Manager → Certificates
      2. Select this certificate in
        System → Advanced → Admin Access → SSL Certificate
      3. Possibly reload web server config

      Certs have been updated manually in the past. But since the move to
      Let's Encrypt, cert renewal should be automated. Certs are generated on another
      server, not on the pfSense box.

      According to a forum search there doesn't seem to be an API that could be
      utilised.

      • jimp Rebel Alliance Developer Netgate

        You only need steps 1 and 2. Step 3 happens automatically when you save on step 2.

        So just import the new cert, switch the GUI to the new cert, done. You can remove the old cert once you are sure the new cert is working as expected.

        Let's Encrypt/ACME only renews its own certs (from the ACME package) in-place; that does not apply to certificates generated any other way.

        • Gertjan

          @zjgn said in Automated cert renewal:

          Certs are generated on another
          server, not on the pfsense box.

          Have this box generate its certs except the one for pfSense, and let pfSense handle its cert using the package acme.

          True, there is no API. But you have the full shell script (several flavors), PHP (and thus indirect access to the config).

          Try Google pfsense import cert script and you will find - as always - a lot of info on the very first link.

          • zjgn @Gertjan

            Using the acme package might be a solution. I haven't tried that.

            That link helped to get me started. Using the correct search terms massively helps getting more relevant search results. Thanks a lot for the quick response and the nudge in the right direction.

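
The advice in the thread to remove the old cert only once the new one is confirmed working can be checked from the server that issues the certs. The following is an added example, not code from the thread or from pfSense: it compares the SHA-256 fingerprint of the leaf in the renewed PEM file with the certificate the GUI actually presents. The function names, the script name and the host and file arguments are assumptions.

```python
import base64
import hashlib
import re
import socket
import ssl
import sys

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def leaf_der(pem_text):
    """DER bytes of the first certificate in a PEM file.

    A fullchain file lists the leaf first and the intermediates after it;
    the GUI presents the leaf, so only that block is compared.
    """
    match = PEM_CERT.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block in PEM input")
    return base64.b64decode("".join(match.group(1).split()))


def fingerprint(der):
    return hashlib.sha256(der).hexdigest()


def served_der(host, port=443, timeout=5.0):
    """Certificate the web GUI presents right now, as DER bytes."""
    ctx = ssl.create_default_context()
    # Chain validation is off on purpose: the check is the exact
    # fingerprint match below, which also works for a private CA.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def gui_serves_new_cert(new_cert_pem, served):
    """True when the served certificate is the leaf from the renewed PEM."""
    return fingerprint(leaf_der(new_cert_pem)) == fingerprint(served)


if __name__ == "__main__" and len(sys.argv) == 3:
    # Assumed usage: check_gui_cert.py <pfsense-host> <renewed-fullchain.pem>
    with open(sys.argv[2]) as fh:
        ok = gui_serves_new_cert(fh.read(), served_der(sys.argv[1]))
    print("new cert is live" if ok else "GUI still serves another cert")
    sys.exit(0 if ok else 1)
```

A non-zero exit status lets the renewal job keep the old certificate in place and raise an alert instead of deleting it.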