Tutorials and FAQs / Re: Tutorial 2024/02: HAProxy + Let's Encrypt Wildcard Certificates + 100% A+ Rating
« on: February 23, 2024, 08:17:20 am »
OPNsense is up-to-date -->
OPNsense 24.1.2_1-amd64
FreeBSD 13.2-RELEASE-p10
OpenSSL 3.0.13
Firefox: 121.0 (64-bit), Arch Linux (doesn't matter, the latest update on Windows brings up the same issue)
DEFAULT in FF: security.ssl.enable_ocsp_stapling = true
--> leads to no access on any pages with certs following the tutorial. At least if pages are secured to local access only. I assume the same error for public access.
Changing the default in FF to false gives access back.
Made a few changes:
Did a rollback to
OPNsense 23.7.12_5-amd64
FreeBSD 13.2-RELEASE-p7
OpenSSL 1.1.1w
For all certs I changed to key length 2048. OCSP must staple "off". Renewed all certs and deployed to the servers. Now on all clients FF and TB are working again with no errors.
Adding local and public subdomain rules in the public services HTTPS_frontend is not working as expected in my setup. Adding in option pass-through
acl lan_vpn src 192.168.x.x/24
acl lan_vpn src 10.0.x.x/24
http-request deny if ! lan_vpn
is working. Access from public is not possible - as intended. Maybe it helps someone.
@thehellsite: thx very much for this great tutorial.
regards,
stefan
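The pass-through snippet above only does its job if the `src` ACL really covers the LAN/VPN ranges and the `deny if ! lan_vpn` line fires for everything else. The following is an added example, not code from the tutorial or the post: it parses HAProxy `acl ... src` and `http-request deny if` lines and evaluates them against sample client addresses, so the rule can be checked before it is deployed. The concrete subnets are placeholders for the redacted `x` octets in the post.

```python
"""Simulate HAProxy 'acl NAME src ...' plus 'http-request deny if [!]NAME'
against sample source addresses. Added example; the subnets are constructed
placeholders, not the poster's real ranges."""
import ipaddress
import re

# Constructed copy of the option pass-through snippet from the post,
# with the redacted "x" octets replaced by placeholder values.
PASSTHROUGH = """
acl lan_vpn src 192.168.1.0/24
acl lan_vpn src 10.0.8.0/24
http-request deny if ! lan_vpn
"""


def parse_rules(text):
    """Return (acls, denies).

    acls   : ACL name -> list of ip_network objects (several 'acl' lines with
             the same name accumulate, as in HAProxy).
    denies : list of (negated, acl_name) from 'http-request deny if' lines.
    """
    acls, denies = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"acl\s+(\S+)\s+src\s+(.+)$", line)
        if m:
            # A single 'src' line may carry several patterns; a bare IP is a /32.
            nets = [ipaddress.ip_network(p, strict=False) for p in m.group(2).split()]
            acls.setdefault(m.group(1), []).extend(nets)
            continue
        m = re.match(r"http-request\s+deny\s+if\s+(!?)\s*(\S+)$", line)
        if m:
            denies.append((m.group(1) == "!", m.group(2)))
    return acls, denies


def acl_matches(acls, name, addr):
    """True if addr falls in any network listed for the ACL (IPv6 clients
    never match an IPv4-only ACL, so they end up denied by '! lan_vpn')."""
    return any(addr in net for net in acls.get(name, []))


def is_denied(text, client_ip):
    """True when the configured deny rule would fire for this source address."""
    acls, denies = parse_rules(text)
    addr = ipaddress.ip_address(client_ip)
    for negated, name in denies:
        matched = acl_matches(acls, name, addr)
        if matched != negated:  # condition evaluates true -> request denied
            return True
    return False
```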