Opnsense with ionos as isp

I want to have a wild card certificate at my local firewall opnsense. This is due to some captive portal login and voucher things.

I dont have played till now with lets encrypt.

My hosting provider is ionos.de

My domain is: pstproducts.com

I can login to a root shell on my machine: yes

So I search for hours around some tutorials, but I don't find some with opensense, wild card and lets encrypt.

Any Help would be great

First step is done.
Install at opnsense the acme tool ---> system, firmware, plugins, os-acme-client, click at "+"

Well, wildcard certificates need DNS validation. So that means the relevant questions are:

  • Who provides your DNS hosting?
  • Does acme.sh support automated updates of that provider's DNS records? The list of supported providers (and necessary credentials) is at:
    dnsapi · acmesh-official/acme.sh Wiki · GitHub
  • Does the OPNsense GUI support that DNS provider--will it let you enter the necessary credentials?

You say ionos is your "hosting provider", which may or may not be relevant. But if they are providing your DNS hosting, it appears acme.sh does support them: dnsapi · acmesh-official/acme.sh Wiki · GitHub

You'll need to get some API credentials from ionos, and then presumably there's a place in the OPNsense GUI to enter them. Problems or questions on that side of things are better directed to the OPNsense forum.

Which one is it?

Neither, actually; it's OPNsense. See:

1 Like

It is opnsense, sorry for misspelling

Where do I have to enter those stuff with export? On the shell at opnsense firewall?
Read Getting Started to learn how to create an API key. Export your credentials as environment variables:

export IONOS_PREFIX="..."
export IONOS_SECRET="..."

You shouldn't have to enter those commands at all, but you will need to use these credentials. But in order to do that, OPNsense would need to support your DNS host, and it doesn't look like they do:

The underlying ACME client they use (acme.sh) supports it, but it doesn't look like they have it coded into their UI. You'll need to ask them about changing that.

1 Like


Thanky for this great help.

I will go to opnsense guys and ask them.

Best Regards,


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.