OPNsense Forum

Archive => 21.7 Legacy Series => Topic started by: opns_neuling on August 11, 2021, 09:05:15 PM

Title: Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded
Post by: opns_neuling on August 11, 2021, 09:05:15 PM
Hello!
I have a case here with 2 opnsense (cascaded connected).
One of them has a public IP and the second is cascaded (DMZ).
Let's Encrypt runs on the first OPNsense.
I would like to synchronize the certificates for extensions to the second OPNsense and restart the GUI there (so the Let's Encrypt certificates are used for the GUI in the second router) ... Is that possible? How to? Ideas?
Thanks in advance
Title: Re: Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded
Post by: opns_neuling on December 21, 2021, 08:05:14 PM
Does anyone have a similar scenario?
2 pfsense, one with WAN connection and one on a second level (without WAN access)?

OPNsense 1 with acme-client (for wildcard-cert)
OPNsense 2 (at another location) has to use the same wildcard-cert ...

Thanks a lot
Title: Re: Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded
Post by: opn_nwo on December 22, 2021, 03:42:59 PM
I can't help you with the specifics, but you can probably script it and scp it to the target server, maybe?
Title: Re: Letsencrypt synchronize with other Opnsense (dmz), i.e. cascaded
Post by: KHE on December 22, 2021, 06:28:37 PM
Hi,

According to Let's Encrypt you can create up to 5 duplicate certificates. I would create just another certificate on the second OPNsense.
LE rate limits are here (https://letsencrypt.org/docs/rate-limits/).

Copying the file is not a problem; there is the sftp Automation plugin. But importing it on the second OPNsense is the problem.

KH