Cant access webGUI: Expired certificate!
-
Hi,
I am on CE 2.8 and have been using pfsense for several years. I use self-signed certificates and CA created in pfsense. I forgot to renew my web ui certificate and now can't access the GUI. The error I get is NET:ERR_CERT_DATE_INVALID. The certificate expired 2 days ago.
I do have CLI access. Any help in what needs to be done to regain access to the web ui would greatly appreciated.
-
hey there,
in case you have cli access:
chose (i think its #14) the right option to disable https (for the moment), then you won't need a cert (since no ssl).
Then renew your webGUI cert (better: set up your own CA and your own ssl cert with pfsense's cert manager)...
As soon as your new ssl cert for pfsense webGUI is working...set to https again. Done...
:) I hope...edit:
or you could do it as sasid in the official documentary...
https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html
look for https cert problems...the other
pure amateur home user, no business or professional background
please excuse poor english skills and typpoz :) -
@the-other Thanks for you help. From the CLI, option 14 has to do with SSH. The only other option that seemed possible was option 11 ( reset GIU) but that did not work.
Not sure what to try next.
-
@kenw usually a web browser will let you view/accept/bypass the cert warning.
If using Chrome, there is a particular error page where you can blindly type the word “thisisunsafe” into the page, to allow the bypass. Or try a different browser.
-
I was able to access GUI from a different browser and just accepted the security risk of accessing sight without valid certificate. Thanks to those helped.
-
@the-other said in Cant access webGUI: Expired certificate!:
or you could do it as sasid in the official documentary...
https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html
look for https cert problems...https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html#https-certificate-problems
pfSsh.php playback generateguicertshould do the trick.
It regenerates a new (CA) certificate, assigns it to the GUI, and restarts the GUI.@kenw said in Cant access webGUI: Expired certificate!:
CE 2.8
2.8 : I don't recall, but newer versions do warn you about a certificate that you use, and is about to expire. pfSense is even sends notifications (mail or other) if you've set this up.
