OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: ruggerio on July 18, 2018, 12:11:07 pm

Title: Lets encrypt howto
Post by: ruggerio on July 18, 2018, 12:11:07 pm
Hi,

I configured the letsencrypt-service on a forwarded webserver.

I could issue certificates without a problem, but how is the webserver aware of the newly issued certificates? Should I sync those certificates via rsync between OPNsense and the webserver?

If the newly issued certificates are not accessible from the webserver, this will just result in certificate errors.

Thx
Roger
Title: Re: Lets encrypt howto
Post by: franco on July 19, 2018, 12:33:40 am
Hi Roger,

There is manual work involved here... unless you use the HAProxy acme-client integration and let OPNsense handle the SSL connection for the internal servers and afterwards just redirect them.

Here's the original doc for the integration:

https://github.com/opnsense/plugins/pull/71


Cheers,
Franco
Title: Re: Lets encrypt howto
Post by: fraenki on August 14, 2018, 04:30:05 pm
I second that. Use HAProxy to do the SSL offloading and proxy requests to your webserver(s). This way OPNsense will do everything for you :)