ACME-moving from staging to production-HOW?

snide_remarks · January 6, 2022, 10:17pm

Fist time with ACME on PFsense using HAproxy. Hung up on how to move from the current staging cert to a valid production cert. Trust me I have looked online, but nothing seems to fit my set up. Also as I am use to Certbot doing most of the work - I need step by step instructions. Thanks

https://tripwire.mywire.org

danb35 · January 6, 2022, 10:28pm

This really seems like a question that'd be better on the pfSense forum than here, but in brief, you'd start by creating a new ACME account key on the production server, and then use that to create the desired new certs.

rg305 · January 6, 2022, 10:33pm

Agreed.
I wouldn't know where to begin searching for the "staging" setting in pfSense.

danb35 · January 6, 2022, 11:08pm

Right here:

(don't worry, the key in the image isn't actually in use at all).

snide_remarks · January 6, 2022, 11:20pm

I did that with the keys. I renewed after that with success, but still no drop down option for a cert on my HAproxy front end other than the staging cert. This is what I get from the PFsense forum: "Reissue it using the production network so it is signed by a CA that browsers will trust."
I'm too antsy to wait 24 hours for more details and don't want to look like a total newby.

danb35 · January 6, 2022, 11:22pm

Once you've set up the production key, you'll need to edit each cert that was issued from the staging environment, switch it to the staging production account key, and then reissue the cert.

snide_remarks · January 6, 2022, 11:23pm

So I create a new cert as with the 1st one, but with the keys set for production instead of staging !?!

snide_remarks · January 6, 2022, 11:25pm

I could not see how to edit - is that import a new key?

snide_remarks · January 6, 2022, 11:26pm

You mean switch to the production key?

danb35 · January 6, 2022, 11:27pm

Really?

Yes, my mistake.

snide_remarks · January 7, 2022, 12:18am

No import option found. Do I copy the production key and paste it over the staging key. Sorry for my thickheadedness. Not sure why this has to be sooo convoluded. Any reference material you could point me to. Working on this aspect of my site two nights now.

danb35 · January 7, 2022, 12:45am

Who said anything about import? Edit the existing cert--that's what the "pencil" button does. Set it to use the production key. "reissue" the cert. Repeat for each cert that needs to be changed.

snide_remarks · January 7, 2022, 12:55am

Thanks I think I got it - what didn't work yesterday seemed to work today. Go figure.
appreciate your help.
tripwire.mywire
Renewing certificate
account: tripwire.mywire.org
server: letsencrypt-production-2

system · February 6, 2022, 12:55am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.