Messages

1

22.1 Legacy Series / Re: www/nginx: Mutiple Cert entries of the same cert

« on: April 01, 2022, 02:41:29 am »

I figured this out later. But how does Nginx handle switching to the renewed certificate?
Given that NGINX will list all available certs from core including the renewed one.
Here Nginx will stick with the outdated cert, no?

2

22.1 Legacy Series / Re: www/nginx: Mutiple Cert entries of the same cert

« on: March 30, 2022, 03:11:45 am »

I ended up cleaning the doubled entries from https://fw01.lkd70.com:8443/system_certmanager.php
It would still be great if the entries there got overwritten when the same cert got renewed.

3

22.1 Legacy Series / www/nginx: Mutiple Cert entries of the same cert

« on: March 30, 2022, 12:46:27 am »

Hello,
I have the problem that under certificate field in NGINX plugin like HTTP Server or Upstream.
The dropdown of the certificate is listing the same certificates couple of times and also some deleted certificates are still in the list although they are deleted under ACME Client.
I tried to dig in the files but never figured out the way NGINX plugin is calling the certificates and how they're populated.
I think that the certs are being displayed there multiple of times due to the renewal that is being regarded as multiple certs.
I tried to clean up the directories  /usr/local/etc/nginx/key/ and  /var/etc/acme-client/ where old certs are still there but that didn't help that NGINX plugin stop displaying multiple certs.

Any tip how I did ended up with that and how can i clean up the multiple entries?

4

21.1 Legacy Series / Can't change both WebGUI Ports

« on: June 10, 2021, 01:53:25 pm »

Hello,

I just notice that when setting up the WebGUI to run over HTTPS under System -> Settings -> Administraion, that we can change the TCP port but only for one protocol and not both HTTP and HTTPS ports.

I just need to still be able to use HTTPS for the WebGUI but also change the default HTTP 80 port to free it for other applications such as Nginx.
The only solution that is now working is switching to HTTP so i can change the port and run Nginx otherwise by activating HTTPS lighttpd from WebGUI will listen on 80 and block Nginx process from starting.

Is that a limitation or am I missing something?

5

18.1 Legacy Series / Re: Enabling Zonomi API as a LetEncrypt DNS validator

« on: June 23, 2018, 02:19:08 am »

Hi Reuben,

I already added many missing DNS providers, but the changes are still not merged, However, if you want to get it asap, you can make the changes from the following commit manually:

https://github.com/opnsense/plugins/pull/712/commits/711525177bed33ae85c3a93c1e91280f6f05a0d2

6

18.1 Legacy Series / Re: no log for acme.sh if using dns challenge

« on: June 23, 2018, 02:15:55 am »

Hi, the logs tab in the GUI menu, is echoing from /var/log/acme.sh.log which is itself is directly created from acme.sh script.

1. you can do this, I'm thinking of making this natively, but for now to see the executing script you need to edit the /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php file after line 771 and print the $acmecmd var to a log file:
    $DEBUG= "executing command: " . $acmecmd . "\n \n";
    file_put_contents('logs.txt', $DEBUG, FILE_APPEND);

This way you will get a log file in that path for the executed acme.sh options on each issue, issue force and renew run.

If you have issues you can directly file an issue in OPNsense plugin repo: https://github.com/opnsense/plugins

7

General Discussion / Re: LetsEncrypt troubleshooting advice..

« on: June 23, 2018, 02:06:23 am »

is it possible that you open an issue in OPNsense Plugins repo https://github.com/opnsense/plugins, so we can investigate it later?

8

General Discussion / Re: Issues getting cert with acme

« on: June 23, 2018, 02:01:47 am »

Hi nikkon,

The error "Error creating new authz :: DNS name does not have enough labels", is mostly indicating an invalid domain name, are you sure your domain name is correct and registered to you?

9

18.1 Legacy Series / Re: Custom commands for LetsEncrypt

« on: May 19, 2018, 02:01:55 pm »

Exactly Franco, that was what I missed, thanks a lot

10

18.1 Legacy Series / Re: Custom commands for LetsEncrypt

« on: May 15, 2018, 10:22:43 pm »

Guys, no one has any idea, can't believe that no one uses this feature.

11

18.1 Legacy Series / [SOLVED] Custom commands for LetsEncrypt

« on: May 13, 2018, 01:17:31 am »

Hello all,

First thanks for this amazing firewall, I'm coming from pfSense and noticed a great network performance boost especially with the bandwidth speed.

Now I have a small question with acme.sh on pfsense, we used to write custom commands, but here the acme.sh client is much changed and that's still fine as long as it's more obviously more secure.

I read already that in order to get my restart action I need to create a configd action.

So i done this already by creating actions_acmescripts.conf under

Code: [Select]

/usr/local/opnsense/service/conf/actions.d.

then restarted configd service and tested my command like the following:

Code: [Select]

configctl acmescripts send_pve_cert
It runs properly and all fine, now the simple question, how do I get this to appear in the LetsEncrypt-Restart Actions on GUI side because after adding nothing is added at the frontend.


Any tip is highly appreciated, thanks for your time and for reading my issue.