I am using an ACME script embeded in OpnSense to create a LetsEncrypt certificate. I have successfully generated a certificate however it is not recognised as valid. I suspect that I am trying to do something that is not possible and would like advice. Just incase it is possible and I am doing something wrong
My domain is: baxtersnet.com
I ran this command: Not sure, I put information into the GUI
It produced this output: Produces a certificate
My web server is (include version):
The operating system my web server runs on is (include version): Linux - deployed directly as OpnSense
My hosting provider, if applicable, is: Namecheap and myself
I can login to a root shell on my machine (yes or no, or I don’t know): Haven’t tried, I think it is possible to ssh though
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): OpnSense using ACME pluggin.
I have a number of devices behind the OpnSense firewall that I was planning to expose, however I want to do so with them using SSL. Also the web interface on the OpnSense switch itself also needs to have SSL working on it, at the moment it uses an internally generated certificate.
I thought I would start by generating a certificate for the router as it is probably the most straight forward. I created the certificate using the routers DNS entry. This was created using the DNS where I bought my domain and points to the IP address of my broadband router (OpnSense). The certificate had just the router.baxtersnet.com address in it and I set it to include the OSCP. The certificate was generated and added however it shows in the browser as invalid.
I understand why this might be for a browser looking from inside as it will see the internal nat’s version of the ipaddress. I am not sure why the external address would not work though. I am using Http verification so it sees the box, and I have allowed port 80 through to the firewall address.
Am I trying to do something impossible? Or am I just doing something wrong? If you can point me at any resources that might clear this up for me I would be grateful.