ACME-moving from staging to production-HOW?

First time with ACME on pfSense using HAProxy. Hung up on how to move from the current staging cert to a valid production cert. Trust me, I have looked online, but nothing seems to fit my setup. Also, as I am used to Certbot doing most of the work - I need step-by-step instructions. Thanks


https://tripwire.mywire.org

This really seems like a question that'd be better on the pfSense forum than here, but in brief, you'd start by creating a new ACME account key on the production server, and then use that to create the desired new certs.

Agreed.
I wouldn't know where to begin searching for the "staging" setting in pfSense.

Right here:


(don't worry, the key in the image isn't actually in use at all).

I did that with the keys. I renewed after that with success, but still no drop-down option for a cert on my HAProxy front end other than the staging cert. This is what I get from the pfSense forum: "Reissue it using the production network so it is signed by a CA that browsers will trust."
I'm too antsy to wait 24 hours for more details and don't want to look like a total newbie.

Once you've set up the production key, you'll need to edit each cert that was issued from the staging environment, switch it to the staging production account key, and then reissue the cert.

So I create a new cert as with the 1st one, but with the keys set for production instead of staging !?!

I could not see how to edit - is that import a new key?

You mean switch to the production key?

Really?

Yes, my mistake.

No import option found. Do I copy the production key and paste it over the staging key? Sorry for my thickheadedness. Not sure why this has to be sooo convoluted. Any reference material you could point me to? Working on this aspect of my site two nights now.

Who said anything about import? Edit the existing cert--that's what the "pencil" button does. Set it to use the production key. "reissue" the cert. Repeat for each cert that needs to be changed.

Thanks, I think I got it - what didn't work yesterday seemed to work today. Go figure.
Appreciate your help.
tripwire.mywire
Renewing certificate
account: tripwire.mywire.org
server: letsencrypt-production-2

