Has anyone else on 18.1 had issues with issuing Let's Encrypt certs using the ACME plugin?
HTTP Challenge Type
First I had to change my OPNsense firewall HTTPS port from a custom one back to 443.
Then I originally had a multi-domain (SAN) filled out with a few subdomains.
Whenever I issued the cert, it would fail validation.
However, when I edited the cert just to be the main domain with no SANs, it completed successfully.
I never had this issue before and always had a full multi-domain cert on prior releases.
Notes: All the subdomains are just CNAME entries pointing to the main domain IP to resolve through DNS.
There's an issue with the plugin, but it is getting fixed soon :) Basically, it needs an upgrade. And if I'm not mistaken, the next version will also support wildcard certs :)
Nice find...
I just did a search and found this article which confirms what you said:
https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html
Looks like wildcard will only support DNS validation instead of HTTPS validation for issuing the cert.
I use Google Domains, so it would be nice to see API support added... or the ability to generate and manually add a TXT DNS record for validation purposes, which the regular ACME plugin supports but the OPNsense GUI does not appear to.
Please request your needed feature here: https://github.com/opnsense/plugins/issues
Thanks