Step-ca local ACME server

manny.tew

Is it possible to add to the dropdown an option to configure a custom URL for the ACME CA server?

We don't want to use Let's Encrypt servers for internal systems.

The goal is for the Netgate box to use ACME to fetch and renew its cert like all other machines on the internal network.

viktor_g

There is a feature request:
https://redmine.pfsense.org/issues/9833

manny.tew

It looks like one of the commenters on reddit got it working...i think...not very clear and it was last talked about a year ago...

https://www.reddit.com/r/PFSENSE/comments/fukt7b/acme_with_custom_private_server/fmghj5j

From looking at the code, the thing I'm not clear on is exposing port 80 (verification/validation) to the LAN instead of WAN.

Is this the code? https://github.com/pfsense/FreeBSD-ports/tree/devel/security/pfSense-pkg-acme and are there rules on the PR process?

manny.tew

@viktor_g I've added a comment to the feature request showing my interest in this. Any idea on getting this added. It really is a game changer for admins responsible for managing certs.