Hi,
I've been working with OPNsense for a few weeks now. I am on version 24.1.2 and have been using self-signed certificates. Everything works great so far.
Now I would like to use my domain internally and switch to a Let's Encrypt certificate.
For this I use the DNS-01 challenge via Cloudflare and can also create certificates for my OPNsense. The host name is: router."domain".net.
I have entered the certificate under System/Settings/Administration and System/Settings/General (hostname/domain) and restarted the web interface.
OPNsense can now be reached at this address, but the certificate is not secure!
I have searched through various tutorials but found nothing.
Thanks for any tips.
Did you not only place the FQDN in the CN field but also as a SAN? This is now mandated by browsers.
If I got your point correctly, I need to put router.domain.net into the alternate names field: router.domain.net.
Done - re-issued - but no change. The cert is still not trusted.
Then a screenshot of the certificate chain as the browser shows it is the only way I know to diagnose. Difficult if you don't want to share your FQDN. Possibly blur that part ...
I've captured the info from Firefox. Hope this helps.
The first picture says it all - you are using the STAGING CA of Let's Encrypt.
You cannot change the CA of your registered account in the UI after the fact - the help text even states as much. You need to delete and create the account again, this time with the production CA.
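The two things diagnosed above (hostname missing from the SAN, then a certificate issued by the Let's Encrypt staging CA) can be checked without a screenshot. The following Go program is an added example and is not code from this thread or from OPNsense: it fetches the leaf certificate a host presents, checks that the hostname is covered by a SAN entry (Go's VerifyHostname ignores the CN, like current browsers), and flags an issuer name carrying Let's Encrypt's "(STAGING)" marker. The hostname router.example.net, the sample issuer names used in MakeTestLeaf, and the function names are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"os"
	"strings"
	"time"
)

// CheckLeaf reports the two problems from the thread, in the order a browser
// hits them: the hostname is not covered by a SAN entry, or the issuer is the
// Let's Encrypt staging hierarchy, whose root no browser trusts.
// VerifyHostname ignores the CN field entirely, exactly like current browsers.
func CheckLeaf(cert *x509.Certificate, host string) []string {
	var findings []string
	if err := cert.VerifyHostname(host); err != nil {
		findings = append(findings, "hostname not covered by SAN: "+err.Error())
	}
	// Staging intermediates carry "(STAGING)" in O and CN (older ones were
	// named "Fake LE Intermediate ..."); production ones read "Let's Encrypt".
	issuer := strings.ToUpper(cert.Issuer.String())
	if strings.Contains(issuer, "STAGING") || strings.Contains(issuer, "FAKE LE") {
		findings = append(findings, "issued by the Let's Encrypt STAGING CA: "+cert.Issuer.String())
	}
	return findings
}

// FetchLeaf connects to addr ("router.domain.net:443"), sends serverName as
// SNI and returns the leaf certificate the server presents. Verification is
// skipped on purpose: the point is to inspect a certificate that fails it.
func FetchLeaf(addr, serverName string) (*x509.Certificate, error) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{
		ServerName:         serverName,
		InsecureSkipVerify: true, // inspection only, nothing is trusted here
	})
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	chain := conn.ConnectionState().PeerCertificates
	if len(chain) == 0 {
		return nil, fmt.Errorf("no certificate presented by %s", addr)
	}
	return chain[0], nil
}

// MakeTestLeaf builds a throwaway leaf signed by a throwaway issuer so the
// checks can be exercised offline (constructed test data, not a real cert).
// issuerOrg/issuerCN become the Issuer name; cn and sans fill Subject and SAN.
func MakeTestLeaf(issuerOrg, issuerCN, cn string, sans []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	issuer := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{issuerOrg}, CommonName: issuerCN},
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	leaf := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     sans, // empty slice reproduces the "CN only" mistake
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(90 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, leaf, issuer, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: certcheck router.domain.net")
		os.Exit(2)
	}
	host := os.Args[1]
	cert, err := FetchLeaf(host+":443", host)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	findings := CheckLeaf(cert, host)
	for _, f := range findings {
		fmt.Println("PROBLEM:", f)
	}
	if len(findings) == 0 {
		fmt.Println("OK: hostname is in the SAN and the issuer is not a staging CA")
	}
}
```

Run it as `go run certcheck.go router.domain.net` against the firewall's web UI. A certificate from the staging account is reported with its "(STAGING)" issuer; after deleting and re-creating the ACME account with the production CA and re-issuing, as the post above describes, the check should come back clean.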
Thank you so much for your help!!!