Acme -> webgui -> domain name
-
Hi,
I'm new to pfsense, and I would like to access my pfsense dashboard/webgui from https://pfsense.domain.tld how do I do that.?
Is there an guide for that?
-
@sbh7600 said in Acme -> webgui -> domain name:
Is there an guide for that?
'hhtps' of the fine mixup of 'what is DNS', what is a 'domain name', a registrar, TLS.
"Everybody uses it all day long so it can't be that hard".The bad news upfront : it's rocket science. Like driving a car : you cant'. In the beginning, its just to hard. But after some learning it becomes easy.
Fast and easy solution : locate one of the 100+ @johnpoz forum posts where he explain how to import auto-signed the pfSense GUI cert into your browser's cert storage. From now on your browser won't complain anymore as every cert listed into it's cert storage is accepted as 'valid' : the signer or CA (== pfSense itself) is now trusted.
Done.
No need to use acme.sh package.
Really K(eep)I(t)S(imple).Or handle the issue as a real admin (and every web site - 1 billion or so ?- owner out there)
How to access a https site without the browser yelling at you that the "certificate has a problem" because its auto-signed ?
I'll rephrase the question : how do you get a certificate that every browser trusts out of the box ? => By using a certificate signed by a trusted CA.
Who can do this for you for free , => Example : Letsencrypt.
The pfSense package "acme.sh" can do all the work for you.The classic solution : you need to own** "domain.tld". For this, you contact a registrar like mentioned here.
** : actually : rent. Be aware :a something dot com or dor org : about 10 $ a year ?
While choosing your registrar, you, as the admin, have to read their capabilities. They need to have a method that can be use so acme.sh can update a 'special' DNS info. You shouldn't do this manually, with the GUI access where you 'admin' your domain name, it should be done with a script.
Here are the scripts. Don't worry, you won't have to interact with these.Btw : never tried it myself but it is possible to use a free DDNS domain name with some - I don't know which one - which has to offer you the needed API access by these methods (or API) that acme.sh supports so it can do its work. In that case, your pfSense domain will be something like pfsense14256.example-of-a-free-dyndns.tld.
Why ? Because you can't have first-name.last-name@gmail.com neither, it has already been taken ^^
So "pfsense14256" it will be.
And "example-of-a-free-dyndns.tld" because you chose that domain name - it's free after all.Ones you have a domain name, and the access credentials from the registrar, you can set up pfSense acme.sh so it can do it's job. acmes.sh will request do the certificate requesting for you, and renew it when needed until the end of time (or the day you stop paying for your domain name). Totally automated.
-
@Gertjan thanks. I managed after doing this post.
