Has anyone heard of this?

  • I just came across a site called letsencrypt.org. It offers free trusted SSL certificates. I was skeptical at first, but I checked it out and it seems legit. The certs are trusted by most browsers, due to the CA signing them. This would be great if it worked with pfSense in general. Especially useful for folks who want to use Squid proxy, etc.

  • I've used it, and it worked. Then I got lazy w/ having to renew every X days and didn't care.

    Now my work is wiggin' out b/c I'm hitting https ports on my home server & no certs.

  • I don't suppose the renewal could be automated?

    BTW, forgot to mention, I put this in plugins forum, because I suspect this would be better suited for implementation as a plugin. It occurs to me now, this might be intended for existing plugins.

    @Moderator: feel free to move this.

  • Thanks KOM! One might think I'd have learned by now to search before posting. If so, one would be mistaken…

    In my defense, I was up 30 minutes earlier than usual today. I blame it on this. That's my story, and I'm sticking to it.

  • No problemo.  If I remember right, the entire point of Let's Encrypt was to have an automated system that would renew your cert regularly without user intervention.  They supply software that does all of this for you.  There was talk about a FreeBSD port, but I don't know the current status.  Ad then after that, someone would have to create a pfSense package to integrate it into the system.  For now, it's just easier to use the pfSense self-signed cert if required, and get your own real certs for your web server and mail server behind pfSense.  They're pretty cheap.  if I can afford one, anyone can.

Log in to reply