I want to have a wildcard certificate on my local firewall, OPNsense. This is due to some captive portal login and voucher things.
I have played till now with Let's Encrypt.
My hosting provider is ionos.de
My domain is: pstproducts.com
I can login to a root shell on my machine: yes
So I searched for hours for tutorials, but I didn't find any with opensense, wildcard and Let's Encrypt.
Any help would be great.
First step is done.
Install the ACME tool on OPNsense ---> System, Firmware, Plugins, os-acme-client, click on "+"
Well, wildcard certificates need DNS validation. So that means the relevant questions are:
- Who provides your DNS hosting?
- Does acme.sh support automated updates of that provider's DNS records? The list of supported providers (and necessary credentials) is at:
dnsapi · acmesh-official/acme.sh Wiki · GitHub
- Does the OPNsense GUI support that DNS provider--will it let you enter the necessary credentials?
You say ionos is your "hosting provider", which may or may not be relevant. But if they are providing your DNS hosting, it appears acme.sh does support them: dnsapi · acmesh-official/acme.sh Wiki · GitHub
You'll need to get some API credentials from ionos, and then presumably there's a place in the OPNsense GUI to enter them. Problems or questions on that side of things are better directed to the OPNsense forum.
Neither, actually; it's OPNsense. See:
It is opnsense, sorry for misspelling
Where do I have to enter that stuff with export? On the shell on the OPNsense firewall?
Read Getting Started to learn how to create an API key. Export your credentials as environment variables:
You shouldn't have to enter those commands at all, but you will need to use these credentials. But in order to do that, OPNsense would need to support your DNS host, and it doesn't look like they do:
The underlying ACME client they use (acme.sh) supports it, but it doesn't look like they have it coded into their UI. You'll need to ask them about changing that.
Thanks for this great help.
I will go to the OPNsense guys and ask them.