Would be helpful to have an option for manual entry in my DNS TXT record for validation, like it's possible to do from command line acme.sh.
In my case I don't have port 80 available due to ISP restrictions and my DNS service has no API.
I know this is an old thread but still very valid. I just realized that my ISP is blocking port 80 while trying to set up Let's Encrypt and HAProxy.
I would like to see if there is another way to do this.
+1
Quote from: cyrus104 on January 09, 2021, 11:53:21 AM
I know this is an old thread but still very valid. I just realized that my ISP is blocking port 80 while trying to set up Let's Encrypt and HAProxy.
I would like to see if there is another way to do this.
Yes, with Let's Encrypt's DNS challenge.
In my case, this is the only part where OPNsense lags behind pfSense's ACME plugin implementation.
As my ISP (which is my domain provider) is not offering the possibility to manually create NS records, I am not able to use OPNsense's "ACME DNS API", which would give me the possibility to automate certificate renewals.
Plus, like OP has already mentioned, I do not have the possibility to use manual TXT entries with OPNsense's ACME implementation.
It drives me nuts that I am not able to jump away completely from pfSense to OPNsense. I have to run an additional virtual pfSense instance just because of certificate renewals. pfSense's ACME plugin is just offering more possibilities which do fit my needs.