How to install Let’s Encrypt certificate for pfSense router GUI


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: localdomain

It produced this output:

My web server is (include version):-

The operating system my web server runs on is (include version):-

My hosting provider, if applicable, is: Optimum

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): local ssh


#2

So what’s your question? If you’re wanting to create a new cert for your pfSense box, use the acme package. If you’re wanting to install a cert you already obtained, use the certificate manager. If you’re having trouble with either of these, you’ll need to give a lot more information about what’s going on (like, for example, all those questions you didn’t answer).


#3

First of all, thank you for a quick response.
I have a Netgate router running pfSense 2.4.3.
I installed the acme package, created the account key and registered the key.
The problem I have is creating the certificate.
A domain is required, which in my case is the localdomain.
And what method should I use (standalone webserver, web root local folder)?
Finally, how and where do I enter the txt file?
Is there a good guide for doing this?
Also, I run a webserver on the DMZ where I host a few domains. I was able to successfully set up certbot for those domains, but I don’t know how to do this for the router GUI.

Thanks,


#4

Then you won’t be able to get a certificate. Let’s Encrypt only issues certificates for public domain names.

You should use whichever method best matches your infrastructure. I’m using DNS validation with Cloudflare, but if you aren’t using Cloudflare as your DNS host (and can’t or don’t want to switch), that won’t work.

You enter it wherever is appropriate for the validation method you’ve chosen–there are dozens of possibilities depending on which one you’ve chosen.

The pfSense documentation itself (the link I gave in my first reply) is pretty good. Otherwise, googling for “pfsense acme package” comes up with a number of other guides.


#5

For my hosted domains I use Google Domains.
I have an additional domain that I registered for myself, also with Google Domains.
Google Domains is not among the available options in the acme package for using DNS.
I looked at the pfSense documentation, but it is not helpful in my case.


#6

No, they aren’t; they don’t have a suitable API. So you have a few other options, presented in no particular order:

  • Use DNS manual mode–it will work with any DNS host that lets you set TXT records for your domains, but will require you to manually do so at least every three months in order to renew your certificate.
  • Move your DNS service to another provider–Cloudflare is one that’s free and works fine with the Acme package (it’s what I’m using), but there are a number of providers available.
  • Come up with a way to do HTTP validation instead. For this to work, Let’s Encrypt will have to be able to connect to http://yourfqdn/.well-known/acme-challenge, and you’ll need to be able to put a small text file there for them to read. This blog post addresses one way of doing this (it’s the third hit on the google search I suggested above).
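
As an added illustration that is not part of the original thread: the sketch below derives what the DNS and HTTP options above ask you to publish (the `_acme-challenge` TXT record and the `.well-known/acme-challenge` file), following RFC 8555 and RFC 7638. The account key, token and hostname are constructed sample values; an ACME client normally computes these for you.

```python
import base64
import hashlib
import json

def b64url(data):
    """Base64url without padding, the encoding ACME (RFC 8555) uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

# JWK members that feed the RFC 7638 thumbprint, per key type.
REQUIRED = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}

def jwk_thumbprint(jwk):
    """SHA-256 over the required members only, sorted, with no whitespace."""
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token, jwk):
    """Binds the CA's challenge token to the ACME account key."""
    return token + "." + jwk_thumbprint(jwk)

def dns01_record(domain, token, jwk):
    """(name, value) of the TXT record to publish for DNS validation."""
    # A wildcard name is validated at the base domain.
    base = domain[2:] if domain.startswith("*.") else domain
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return "_acme-challenge." + base, b64url(digest)

def http01_file(domain, token, jwk):
    """(URL the CA fetches over port 80, exact file body) for HTTP validation."""
    url = "http://" + domain + "/.well-known/acme-challenge/" + token
    return url, key_authorization(token, jwk)

# Constructed sample inputs: x and y are placeholder strings, not a real
# P-256 point, and the token is made up (a real one comes from the CA).
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "Y29uc3RydWN0ZWQtc2FtcGxlLXgtdmFsdWU",
              "y": "Y29uc3RydWN0ZWQtc2FtcGxlLXktdmFsdWU"}
SAMPLE_TOKEN = "c2FtcGxlLXRva2VuLWZyb20tdGhlLUNB"

if __name__ == "__main__":
    # Hypothetical public hostname for the router GUI.
    host = "fw.example.com"
    print("TXT  %s  %s" % dns01_record(host, SAMPLE_TOKEN, SAMPLE_JWK))
    print("GET  %s\nbody %s" % http01_file(host, SAMPLE_TOKEN, SAMPLE_JWK))
```

The token changes with every order, which is why manual DNS mode needs a fresh TXT record at each renewal.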
