Author Topic: Lets encrypt howto  (Read 7749 times)

ruggerio

Lets encrypt howto
« on: July 18, 2018, 12:11:07 pm »
Hi,

I configured the letsencrypt-service on a forwarded webserver.

I could issue certificates without problems, but how is the webserver aware of the newly issued certificates? Should I sync those certificates via rsync between OPNsense and the webserver?

If the newly issued certificates are not accessible from the webserver, this will just drop certificate-errors.

Thx
Roger

franco

Re: Lets encrypt howto
« Reply #1 on: July 19, 2018, 12:33:40 am »
Hi Roger,

There is manual work involved here... unless you use haproxy acme-client integration and let the OPNsense handle the SSL connection for the internal servers and afterwards just redirect them.

Here's the original doc for the integration:

https://github.com/opnsense/plugins/pull/71


Cheers,
Franco
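
For the manual route mentioned in Reply #1, a check that the web server presents the newly issued certificate rather than the old one. This is an added example, not part of the thread and not OPNsense code. The leaf-first bundle layout, the function names and the sample PEM blocks are assumptions constructed for illustration.

```python
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def leaf_pem(bundle: str) -> str:
    """Return the first certificate in a PEM bundle (assumed to be the leaf)."""
    match = PEM_BLOCK.search(bundle)
    if match is None:
        raise ValueError("no PEM certificate found")
    return match.group(0)


def fingerprint(pem_bundle: str) -> str:
    """SHA-256 over the leaf's DER bytes, so PEM line wrapping does not matter."""
    der = ssl.PEM_cert_to_DER_cert(leaf_pem(pem_bundle))
    return hashlib.sha256(der).hexdigest()


def is_stale(issued_bundle: str, served_pem: str) -> bool:
    """True when the server presents a certificate other than the issued leaf."""
    return fingerprint(issued_bundle) != fingerprint(served_pem)


def fetch_served_pem(host: str, port: int = 443) -> str:
    """Fetch the leaf the web server presents (network call, unused in the demo)."""
    return ssl.get_server_certificate((host, port))


# Constructed stand-ins: not real certificates, only distinct byte strings in PEM form.
OLD = ssl.DER_cert_to_PEM_cert(b"constructed-old-leaf" * 8)
NEW = ssl.DER_cert_to_PEM_cert(b"constructed-new-leaf" * 8)
CHAIN = ssl.DER_cert_to_PEM_cert(b"constructed-intermediate" * 8)
ISSUED_FULLCHAIN = NEW + CHAIN  # leaf first, then intermediate

if __name__ == "__main__":
    print("before copying to the web server:", is_stale(ISSUED_FULLCHAIN, OLD))
    print("after copying and reloading:     ", is_stale(ISSUED_FULLCHAIN, NEW))
```

Against a live server, pass `fetch_served_pem(host)` as the second argument to `is_stale` after each renewal.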

fraenki

Re: Lets encrypt howto
« Reply #2 on: August 14, 2018, 04:30:05 pm »
I second that. Use HAProxy to do the SSL offloading and proxy requests to your webserver(s). This way OPNsense will do everything for you :)