-
Make sure nothing on the firewall is using port 80 and then use the method mentioned at the top of page 3 of this thread (https://forum.pfsense.org/index.php?topic=101186.30)
-
Thanks for the Howto of HAProy and ACME.
There is one caveat you have to remind in 2.4.0:The Webroot must not be set to "/tmp/haproxy_chroot/haproxywebroot/.well-known/acme-challenge/"Â as mentionend in the "help" inline. You must set it as described in the HowTo /tmp/haproxy_chroot/well-known/acme-challenge/
One question.
Is this script a security problem? or should i deactivate the HAProxy on 80 after Cert refresh? I normally only use 443 HTTPS. -
If someone really insists on using a local webroot.
…
When I try to do like in yours manual i have received 404 resource not found.
Can help with that?
Tech part:
pfSense 2.4.0 , haproxy 0.52_14 (1.7.9), acme 0.1.20
HAProxy part:
Created acme-webroot.lua in files tab, created one frontend to all WAN IPs on only 80 port, ACL: url_acme_http01 with value /.well-known/acme-challenge/ and Actions: http-request lua service with value METH_GET url_acme_http01 and function acme-http01ACME part:
create issue cert to one domain with SAL list:
method webroot local folder: /tmp/haproxy_chroot/.well-known/acme-challenge/, tried to /tmp/haproxy_chroot/haproxywebroot/.well-known/acme-challenge/ -
I we created by hands folders (think it may can help, but no):
even tried to change permission to folder to 777 /tmp/haproxy_chroot for test purpose.
mkdir -p /tmp/haproxy_chroot/haproxywebroot/.well-known/acme-challenge/
mkdir -p /tmp/haproxy_chroot/.well-known/acme-challenge/
mkdir -p /tmp/haproxy_chroot/well-known/acme-challenge/and pointed ACME packet to this roots, but there no files in this directories :( after try issue certificate and because of it i get 404 (it response from acme-http01 lua service)
It this needed I can give acme logs -
Thanks for the Howto of HAProy and ACME.
There is one caveat you have to remind in 2.4.0:The Webroot must not be set to "/tmp/haproxy_chroot/haproxywebroot/.well-known/acme-challenge/"Â as mentionend in the "help" inline. You must set it as described in the HowTo /tmp/haproxy_chroot/well-known/acme-challenge/
One question.
Is this script a security problem? or should i deactivate the HAProxy on 80 after Cert refresh? I normally only use 443 HTTPS.Hi you successful configured the pfSense 2.4.0 with acme and haproxy?
Because I have troubles with this, can help? My problem discribed in two post above -
Please start separate threads for distinct issues, having multiple unrelated discussions simultaneously in a thread like this is hard for anyone to follow properly.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.