Let's Encrypt certificate files in /conf/acme - What is what here?
-
Hi,
Can anybody explain what files are saved to /conf/acme when generating a Let's Encrypt wildcard certificate? I have created a script for copying certificate files upon renewal to a VPS server in the cloud. There I want to configure nginx to use the correct certificate files to enable SSL for, e.g., site.mydomain.com using this wildcard certificate.
When setting up nginx certificate files for ssl_certificate vs ssl_certificate_key, one typically uses the fullchain .pem for the ssl_certificate configuration key in /template/ssl_tmpl (nginx), and the privkey.key for the ssl_certificate_key configuration key in /template/ssl_tmpl (nginx).
So, which file from pfSense is to be used here? Or must some of them be converted or merged with other files before they can be used by nginx?
Regards
-
@coder Hope you might find answers here: https://docs.netgate.com/pfsense/en/latest/packages/acme/general.html#validation-process
-
@coder said in Let's Encrypt certificate files in /conf/acme - What is what here?:
So, which file ....
Shouldn't be that hard :
[2.5.1-RELEASE][admin@pfsense.my-pfsense.net]/conf/acme: ls -al
total 32
drwxr-xr-x 2 root wheel 1024 Sep 27 2018 .
drwxr-xr-x 4 root wheel 2048 Apr 21 09:12 ..
-rw-r--r-- 1 root wheel 7069 Mar 22 03:17 V2_my-pfsense.all.pem
-rw-r--r-- 1 root wheel 1586 Mar 22 03:17 V2_my-pfsense.ca
-rw-r--r-- 1 root wheel 2236 Mar 22 03:17 V2_my-pfsense.crt
-rw-r--r-- 1 root wheel 3822 Mar 22 03:17 V2_my-pfsense.fullchain
-rw-r--r-- 1 root wheel 3247 Mar 22 03:17 V2_my-pfsense.net.key
The 'fullchain' is the crt+ca added.
The 'pem' is the crt+key+ca added.
-
Thanks! OK, so maybe the .fullchain file and the .key file are the ones to be used in nginx!?
But are they .pem's, or do they need to be converted? I have already tried to configure the .fullchain and .key files in /etc/ssl/certs and /etc/ssl/private respectively in nginx. But it doesn't work. Do I need to do some conversion here, or have I simply done something wrong in the nginx config?
-
@coder said in Let's Encrypt certificate files in /conf/acme - What is what here?:
But it doesn't work
Install Google.
Type nginx fullchain and Enter.
Use any of the 984255865 supplied links to guide you.
Example, the official one is here.
The "ssl_certificate" setting needs the fullchain.pem (V2_my-pfsense.fullchain) file.
The "ssl_certificate_key" setting needs the privkey.pem (my V2_my-pfsense.net.key) file.
You could also have a look at this file:
/var/etc/nginx-webConfigurator.conf
It's the web configuration file of pfSense.
Guess what: pfSense uses nginx....
ssl_certificate /var/etc/cert.crt;
ssl_certificate_key /var/etc/cert.key;
...
and compare these two files with what you found in /cf/conf/acme/ (that is, if you obtain your certs using the pfSense acme package).
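The check the thread circles around, as an added example that is not part of any post and is not pfSense or nginx project code: it classifies a copied file by the PEM blocks it contains and verifies that the private key matches the leaf certificate before the pair is put into ssl_certificate and ssl_certificate_key. The function names and the V2_sample.* files are hypothetical; the key comparison assumes the openssl CLI is installed on the VPS.

```shell
#!/bin/sh
# List the PEM block labels in a file, in order (CRLF line ends tolerated).
pem_labels() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'
}

# Classify a file by the PEM blocks it holds:
#   fullchain    two or more certs, no key -> nginx ssl_certificate
#   key          private key only          -> nginx ssl_certificate_key
#   combined     certs and key together (like the .all.pem in the listing)
#   single-cert  one certificate (like the .crt or the .ca)
#   not-pem      no PEM blocks, e.g. DER, which would need converting
classify_pem() {
    labels=$(pem_labels "$1")
    certs=$(printf '%s\n' "$labels" | grep -c '^CERTIFICATE$' || true)
    keys=$(printf '%s\n' "$labels" | grep -c 'PRIVATE KEY$' || true)
    if [ "$certs" -ge 1 ] && [ "$keys" -ge 1 ]; then echo combined
    elif [ "$certs" -ge 2 ]; then echo fullchain
    elif [ "$certs" -eq 1 ]; then echo single-cert
    elif [ "$keys" -ge 1 ]; then echo key
    else echo not-pem
    fi
}

# Succeed only if the key in $2 belongs to the first (leaf) certificate in $1.
# Needs the openssl CLI; returns 2 when either file cannot be parsed.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Check a pair meant for ssl_certificate ($1) and ssl_certificate_key ($2).
check_nginx_pair() {
    [ "$(classify_pem "$1")" = fullchain ] || { echo "$1: not a certificate chain"; return 1; }
    [ "$(classify_pem "$2")" = key ] || { echo "$2: not a private key"; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match the leaf certificate"; return 1; }
    echo "ok"
}

# Constructed sample files (placeholder bodies, not real keys), hypothetical names.
make_sample() {
    blk() { printf '%s\n' "-----BEGIN $1-----" QUJD "-----END $1-----"; }
    { blk CERTIFICATE; blk CERTIFICATE; } > "$1/V2_sample.fullchain"
    blk 'PRIVATE KEY' > "$1/V2_sample.key"
    { blk CERTIFICATE; blk 'PRIVATE KEY'; blk CERTIFICATE; } > "$1/V2_sample.all.pem"
}

if [ "$#" -eq 2 ]; then check_nginx_pair "$1" "$2"; fi
```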