Duplicate Lets Encrypt CA certificates
-
I have 23.05 running on a Protectli FW6C. When I started out, I imported Let's Encrypt certificates using P12 files. I imported several of my domain certs, and they all used the same CA certs. I then moved to using ACME on pfSense to generate wild card certificates for just two domains. This action created duplicates of the CA certs.
The certs added by ACME are the third and fourth. The original R3 certs shows it is being used by the two ACME created certs.
I have looked in the configuration XML file and see the CA certs have unique <caref> entries. The ACME created domain certs have <caref> entries for the original R3 CA cert, not the one created by ACME.
I guess ACME is looking for CA certs named "Acmecert..." but the Certificate Manager is selecting the original R3.
How can I safely remove the original imported CA certs and use the two ACME created please?
-
@AMG-A35
Thinking this through if nobody has any suggestions, I might try renaming the two original CA certs to "Acmecert: ..." and delete the ACME created ones. -
@AMG-A35 said in Duplicate Lets Encrypt CA certificates:
I might try renaming the two original CA certs to "Acmecert: ..." and delete the ACME created ones
why would you not just delete your external ones?
-
@johnpoz The meta data in my config file links my two domain certs to the original CA certs. I'm worried that if I delete those certs I will not have a full chain for my domains. One of these domains is used by pfSense GUI so I don't want trouble accessing the GUI.
-
@AMG-A35 well test it.. simple enough to allow http access to your gui, then delete your external cert. Can you still get to the https? If not either get a new cert, or put your externals back.
But deleting the acme certs - guess what, when you run acme again more than likely it will just put its cas back.
