Netgate Discussion Forum

    SSL cert with purchased domain name

      unraveller349

      Hi, I have purchased a domain name (let’s pretend it’s abc.net). I followed the steps to set up an ACME cert. However, when I log in to the pfSense firewall GUI, it gives me the message "connection not secured". Can someone pls guide me on this? There is no error if I use a self-signed cert.

      Followed but did not setup haproxy: https://jarrodstech.net/how-to-pfsense-haproxy-setup-with-acme-certificate-and-cloudflare-dns-api/

        Gertjan @unraveller349

        @unraveller349 said in SSL cert with purchased domain name:

        (let’s pretend it’s abc.net) I followed the steps to setup acme cert

        In System > Certificate Manager > Certificates the certificate obtained from Let's Encrypt shows up :

        [image]

        I use this certificate for the pfSense GUI (webConfigurator) as indicated.
        I never bothered to change the default TLS port number 443 :

        [image]

        so 'https' selected means : use port 443, which is the browser's default https port.
        You've selected the certificate obtained by acme / Let's Encrypt ?

        acme needs a "method" so you can prove to Let's Encrypt that 'you' 'own' (actually : rent) the domain name.
        I've read the steps, and saw at step 21 :

        Thats it for the Cert! You now have a certificate for your domain that will auto renew.

        That should be it : select this domain for the web configurator, select 'https', save and done.

        edit : not sure why HA_Proxy is needed.
        These big tutos are nice, but everywhere things evolve constantly. Cloudflare will change its procedures, as does acme.sh, as does Let's Encrypt.
        If you don't know what and why you are doing things, chances are great that over time it just doesn't work anymore, and that adjustments have to be made.

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

          unraveller349 @Gertjan

          @Gertjan did all that, but when I log in to the firewall GUI, it will still say ‘your connection isn’t private’.

            unraveller349 @unraveller349

            @unraveller349 just to further clarify, it says NET::ERR_CERT_COMMON_NAME_INVALID

              Gertjan @unraveller349

              @unraveller349

              Ah, ok.

              When you ask for a certificate, like pfsense.abc.net, you have to do this first :

              [image]

              Btw :

              You've set this :

              [image]

              ?
              If a new certificate was obtained, the webconfigurator has to be restarted so it will use the new certificate. That's what the 'action' is for.

              In your browser, you should from now on be using

              https://pfsense.abc.net
              

              because the browser will first resolve "pfsense.abc.net", it will obtain the pfSense LAN IP.
              Did you check that ?

              nslookup pfsense.abc.net
              

              returns 192.168.1.1 ? (or whatever your pfSense LAN IP is).

              Then it connects to 192.168.1.1, using port 443 (because of https).
              The web server, pfSense GUI, will send a certificate over that says : I am "pfsense.abc.net" and because the browser was looking for "pfsense.abc.net" everything is fine.

              If you were using https://192.168.1.1 then the test will fail.
              Because "192.168.1.1" isn't part of the name (SAN) of the certificate.

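The name check described in the last reply, as an added example (not code from the thread, pfSense or any browser): a simplified version of how the host typed in the address bar is compared with the certificate's SAN entries. The SAN tuples follow the format of Python's `ssl.getpeercert()["subjectAltName"]` and are constructed sample values; the wildcard handling is a simplification of what browsers enforce.

```python
import ipaddress

def is_ip(host):
    """True when the URL host is an IP literal rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """Compare one DNS SAN entry with a hostname, label by label.
    '*' is accepted only as the whole left-most label (simplified rule)."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_matches_cert(url_host, san):
    """IP literals are compared with 'IP Address' entries only,
    DNS names with 'DNS' entries only; the two are never mixed."""
    if is_ip(url_host):
        want = ipaddress.ip_address(url_host)
        return any(t == "IP Address" and ipaddress.ip_address(v) == want
                   for t, v in san)
    return any(t == "DNS" and dns_name_matches(v, url_host) for t, v in san)

# Constructed sample: SAN list of a certificate issued for pfsense.abc.net only.
ACME_CERT_SAN = (("DNS", "pfsense.abc.net"),)
# Constructed sample: SAN list of a wildcard certificate for the same domain.
WILDCARD_SAN = (("DNS", "*.abc.net"),)

def results(san):
    """Outcome for each way the GUI could be opened in the browser."""
    hosts = ["pfsense.abc.net", "PFSENSE.abc.net.", "192.168.1.1", "abc.net"]
    return {h: host_matches_cert(h, san) for h in hosts}

if __name__ == "__main__":
    for label, san in (("single name", ACME_CERT_SAN), ("wildcard", WILDCARD_SAN)):
        for host, ok in results(san).items():
            print(f"{label:12} https://{host:18} -> {'match' if ok else 'name mismatch'}")
```

Opening the GUI by IP address only passes this check when the certificate carries a matching IP entry in its SAN, which the sample certificates here do not.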
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.