Following the instructions of this video:
https://www.youtube.com/watch?v=IR41duTqN6Y
with updates to reflect changes in opnsense since the video was produced, I was able to create a signing certificate using my duckdns.org account.
However, while the OPNSense - Services - Certificate entry is enabled and is showing as issued, and while the OPNSense - System - Administration - Settings - System - SSL Certificate for my duckdns.org account appears in the dropdown list, and is selected.
when I browse to my opnsense url at https://192.168.1.1/ I still get told it is an unsecured location.
Here is what my opnsense System:Trust:Certificates window says about the certificate (with my certificate name manually redacted to xxx below):
xxx.duckdns.org (ACME Client)
CA: No, Server: Yes R3 (ACME Client) CN=xxx.duckdns.org
Valid From: Thu, 04 Nov 2021 22:59:06 -0400
Valid Until: Wed, 02 Feb 2022 21:59:05 -0500
Any help would be appreciated.
hi. you access the GUI using the ip address and the certificate is issued for a domain name (CN does not match)
Frigth: thank you.
For those that may run into the same issue.
When I try to access the router by IP address, I get an unsecured connection.
When I browse to my duckdns.org address I get "A potential DNS Rebind attack has been detected. Try to access the router by IP address instead of by hostname."
So what is needed in the url line is:
https://opnsense
where the word "opnsense" is the hostname as defined in OPNSense - Systems - Settings - General - Hostname.
This gives me a secure connection.
in addition: to overcome dns rebind check Alternate Hostnames in System: Settings: Administration can be used