OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: zentoo on May 17, 2024, 11:09:05 AM

Title: Letsencrypt cron renews the firewall certificate but webgui doesn't use it.
Post by: zentoo on May 17, 2024, 11:09:05 AM
Several instances of opnsense that I use present the same issue with letsencrypt:
- The cron "Renew ACME certificates" => renews the certificate as expected
- The certificate used for the webgui is still the old one

So I need to manually restart the webgui service so that it takes the new certificate into account.

Conclusion: If the certificate has been renewed by letsencrypt "Renew ACME certificates", the webgui has to be restarted automatically. It is not the case.

Title: Re: Letsencrypt cron renews the firewall certificate but webgui doesn't use it.
Post by: KHE on May 17, 2024, 02:45:36 PM
Hi,

that is what the Automations in the ACME Client are for.
You need to add a Restart OPNsense Web UI automation in ACME Client -> Automations and then assign it to the certificate in ACME Client -> Certificates.

Works for me :)

Title: Re: Letsencrypt cron renews the firewall certificate but webgui doesn't use it.
Post by: zentoo on May 17, 2024, 04:48:40 PM
Hi and thanks a lot! I wouldn't have thought about it.

It should be an automation that opnsense manages itself when the certificate is used for the web UI.

So for others concerned, to use a letsencrypt certificate for the opnsense web UI:

  1- create letsencrypt certificate [Services/ACME client/Certificates]
  2- assign SSL certificate [System/Settings/Administration]
  3- create letsencrypt automation [Services/ACME client/Automations] and choose run command "Restart OPNsense Web UI"
  4- edit certificate from #1 [Services/ACME client/Certificates] and assign the automation created at #3


Or quicker but less intuitive:

  1- create letsencrypt automation [Services/ACME client/Automations] and choose run command "Restart OPNsense Web UI"
  2- create letsencrypt certificate [Services/ACME client/Certificates] and choose automation created at #1
  3- assign SSL certificate [System/Settings/Administration]
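
A check for the symptom discussed in this thread, added here as an example that is not from any of the posters or from the OPNsense project: it compares the certificate the web GUI actually serves with the renewed certificate file, so a renewal that was not followed by a web UI restart shows up as a mismatch. The hostname and the path to the renewed PEM file are passed in by the caller and are assumptions; with no arguments it runs on constructed stand-in data.

```python
"""Check whether a TLS listener still serves the pre-renewal certificate."""
import hashlib
import ssl
import sys

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def leaf_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM string.

    Renewed files are often full chains (leaf first, then intermediates),
    while a server hands back only its leaf, so compare leaf to leaf.
    """
    start = pem_text.index(BEGIN)            # ValueError if no certificate
    end = pem_text.index(END, start) + len(END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()


def compare(served_pem, renewed_pem):
    """Return both fingerprints and whether the listener is stale."""
    served = leaf_fingerprint(served_pem)
    renewed = leaf_fingerprint(renewed_pem)
    return {"served": served, "renewed": renewed, "stale": served != renewed}


def check_listener(host, renewed_path, port=443):
    """Fetch the live certificate (no chain validation) and compare to disk."""
    served_pem = ssl.get_server_certificate((host, port))
    with open(renewed_path, encoding="utf-8") as fh:
        return compare(served_pem, fh.read())


if __name__ == "__main__":
    if len(sys.argv) == 3:
        # usage: <script> <firewall-hostname> <path-to-renewed-cert.pem>
        result = check_listener(sys.argv[1], sys.argv[2])
    else:
        # Constructed stand-ins for DER bytes, so the demo runs offline.
        old = ssl.DER_cert_to_PEM_cert(b"constructed-old-cert")
        new = ssl.DER_cert_to_PEM_cert(b"constructed-new-cert")
        result = compare(old, new + old)     # "new + old" mimics a chain file
    print(result)
    sys.exit(1 if result["stale"] else 0)    # non-zero exit suits a monitor
```

The exit status is 1 while the listener still presents the old certificate, so the script can be run from a monitoring job after the renewal cron.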