Netgate Discussion Forum

    Upload SSL certificate for webconfigurator via ssh/scp

    • marl_scot

      I use a separate server that handles all my LetsEncrypt certificate renewals. This gives me a central secure location to create and renew certificates (all renewals are done via DNS-01, so the renewal server is not accessible from outside). These are then uploaded via ssh to various servers, and then apache/nginx/postfix etc. is restarted on the remote systems.
      I can not find where pfsense stores the certificate used for the web frontend 😦

      My normal way of renewing a certificate is :
      SSL Management server :-

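      # Run on the SSL management server: renew, push the files, reload the service
      certbot renew
      # scp takes the local source first, then user@host:destination
      scp /etc/letsencrypt/live/remote.server.one/fullchain.pem manager@remote.server.one:/etc/ssl/
      scp /etc/letsencrypt/live/remote.server.one/private.pem manager@remote.server.one:/etc/ssl/
      ssh manager@remote.server.one /usr/sbin/service nginx reload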
      

      I know nginx uses /var/etc/cert.crt/key and that some form of the certificate is stored in /cf/conf/config.xml, but I can't work out how to push a new certificate in the correct format (and where that certificate should be pushed to so it is loaded after restart of webconfig or a full system restart).

      Can anyone point me in the right direction? Also how can you reload the web frontend from the command prompt (non interactively)?

      As I already have my ssl management server setup, I don’t want to use the letsencrypt acme package on pfsense itself and I want to use the same system to push certificates to multiple pfsense servers.

      Any tips/suggestions would be welcome.

      • Gertjan

        Hi,

        The acme package uses this command (shell script) to reload the NGINX web servers after a new cert was imported.

        The acme package also contains the scripts that can show you how to import the certs into pfSense config.

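What the question calls "the correct format", as an added example that is not from this thread or from pfSense's or the acme package's code: it assumes config.xml keeps each certificate as a `<cert>` entry whose `<crt>` and `<prv>` hold the base64-encoded PEM text, and that `<system><webgui><ssl-certref>` names the entry the GUI uses. The sample config, the PEM strings and the function name are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed sample. The element names (<cert>, <refid>, <crt>, <prv>,
# <ssl-certref>) are an assumed config.xml layout, not taken from the thread.
SAMPLE_CONFIG = """<pfsense>
  <system><webgui><protocol>https</protocol>
    <ssl-certref>abc123</ssl-certref></webgui></system>
  <cert><refid>abc123</refid><descr>GUI cert</descr>
    <crt>b2xkLWNlcnQ=</crt><prv>b2xkLWtleQ==</prv></cert>
  <cert><refid>def456</refid><descr>other service</descr>
    <crt>a2VlcC1jZXJ0</crt><prv>a2VlcC1rZXk=</prv></cert>
</pfsense>"""

# Constructed placeholders standing in for fullchain.pem and the key file.
SAMPLE_CHAIN = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n-----END PRIVATE KEY-----\n"


def replace_webgui_cert(config_xml, fullchain_pem, key_pem):
    """Return config XML with the webGUI certificate entry's crt/prv replaced."""
    # Refuse swapped or truncated files before touching the configuration.
    if not fullchain_pem.startswith("-----BEGIN CERTIFICATE-----"):
        raise ValueError("fullchain is not a PEM certificate")
    if "PRIVATE KEY-----" not in key_pem.partition("\n")[0]:
        raise ValueError("key is not a PEM private key")

    root = ET.fromstring(config_xml)
    # The GUI points at its certificate by reference id, not by file path.
    ref = (root.findtext("./system/webgui/ssl-certref") or "").strip()
    matches = [c for c in root.findall("./cert")
               if (c.findtext("refid") or "").strip() == ref]
    if not ref or len(matches) != 1:
        raise LookupError("webGUI certificate entry not found or ambiguous")

    for tag, pem in (("crt", fullchain_pem), ("prv", key_pem)):
        node = matches[0].find(tag)
        if node is None:
            node = ET.SubElement(matches[0], tag)
        # Each field holds the whole PEM text, base64-encoded once more.
        node.text = base64.b64encode(pem.encode("ascii")).decode("ascii")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    updated = replace_webgui_cert(SAMPLE_CONFIG, SAMPLE_CHAIN, SAMPLE_KEY)
    print("updated config is", len(updated), "characters")
```

Base64 is an encoding, not protection, so a config.xml carrying `<prv>` (and any backup of it) is private-key material. On a live firewall the change should go through pfSense's own import and config-writing code, as in the acme package scripts mentioned above, rather than editing the file in place.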
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.