Author Topic: ACME - Let's Encrypt Client Certs (Read 4363 times)

DanMc85 · « **on:** February 05, 2018, 01:38:40 pm »

Has anyone else on 18.1 had issues with issuing Let's Encrypt certs using the ACME plugin?
HTTP Challenge Type

First I had to change my OPNSense firewall HTTPS port from a custom one back to 443.
Then I originally had a multi domain (SAN) filled out with a few subdomains.

Whenever I issued the cert it would have validation failed.
However, when I edited the cert just to be the main domain with no SAN's, it completed successfully.
I never had this issue before and always had a full multi-domain cert on prior releases.

Notes: All the subdomains are just CNAME entries pointing to the main domain IP to resolve through DNS.

elektroinside · « **Reply #1 on:** February 06, 2018, 12:36:40 am »

There's an issue with the plugin, but it is getting fixed soon

Basically, it needs an upgrade. And if i'm not mistaken, the next version will also support wildcard certs

DanMc85 · « **Reply #2 on:** February 06, 2018, 04:56:19 am »

Nice find...

I just did a search and found this article which confirms what you said:
https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html

Looks like wildcard will only support DNS validation instead of HTTPS validation for issuing cert.

I use google domains so it would be nice to see API support added... or the ability to generate and manually add a TXT DNS record for validation purposes which the regular ACME plugin supports but the OPNSense GUI does not appear to.

elektroinside · « **Reply #3 on:** February 06, 2018, 08:14:55 am »

Please request your needed feature here: https://github.com/opnsense/plugins/issues
Thanks

Author Topic: ACME - Let's Encrypt Client Certs (Read 4363 times)

DanMc85

ACME - Let's Encrypt Client Certs

elektroinside

Re: ACME - Let's Encrypt Client Certs

DanMc85

Re: ACME - Let's Encrypt Client Certs

elektroinside

Re: ACME - Let's Encrypt Client Certs