Messages - DonSYS

#1
I figured this out later. But how does Nginx handle switching to the renewed certificate?
Given that NGINX will list all available certs from core, including the renewed one,
won't Nginx stick with the outdated cert here?
#2
I ended up cleaning the doubled entries from https://fw01.lkd70.com:8443/system_certmanager.php
It would still be great if the entries there got overwritten when the same cert got renewed.
#3
Hello,
I have a problem with the certificate field in the NGINX plugin, e.g. under HTTP Server or Upstream.
The certificate dropdown lists the same certificates a couple of times, and some deleted certificates are still in the list although they were deleted under ACME Client.
I tried to dig through the files but never figured out how the NGINX plugin is reading the certificates and how the list is populated.
I think the certs are being displayed there multiple times because each renewal is being treated as a separate cert.
I tried to clean up the directories /usr/local/etc/nginx/key/ and /var/etc/acme-client/, where old certs are still present, but that didn't stop the NGINX plugin from displaying the multiple certs.

Any tip on how I ended up with that, and how I can clean up the multiple entries?
#4
21.1 Legacy Series / Can't change both WebGUI Ports
June 10, 2021, 01:53:25 PM
Hello,

I just noticed that when setting up the WebGUI to run over HTTPS under System -> Settings -> Administration, we can change the TCP port, but only for one protocol and not for both the HTTP and HTTPS ports.

I still need to be able to use HTTPS for the WebGUI, but I also need to change the default HTTP port 80 to free it for other applications such as Nginx.
The only solution that works right now is switching to HTTP so I can change the port and run Nginx; otherwise, with HTTPS activated, the WebGUI's lighttpd will listen on 80 and block the Nginx process from starting.

Is that a limitation or am I missing something?
#5
Hi Reuben,

I already added many missing DNS providers, but the changes are still not merged. However, if you want to get it asap, you can apply the changes from the following commit manually:

https://github.com/opnsense/plugins/pull/712/commits/711525177bed33ae85c3a93c1e91280f6f05a0d2
#6
Hi, the logs tab in the GUI menu is echoing /var/log/acme.sh.log, which itself is created directly by the acme.sh script.

1. You can do this. I'm thinking of making this native, but for now, to see the executed command you need to edit the /usr/local/opnsense/scripts/OPNsense/AcmeClient/certhelper.php file after line 771 and print the $acmecmd var to a log file:
    // append the full acme.sh command line to logs.txt (path is relative to the script's working directory)
    $DEBUG = "executing command: " . $acmecmd . "\n \n";
    file_put_contents('logs.txt', $DEBUG, FILE_APPEND);

This way you will get a log file at that path with the executed acme.sh options for each issue, force-issue and renew run.

If you have issues you can directly file an issue in OPNsense plugin repo: https://github.com/opnsense/plugins
#7
Is it possible that you open an issue in the OPNsense Plugins repo https://github.com/opnsense/plugins, so we can investigate it later?
#8
Hi nikkon,

The error "Error creating new authz :: DNS name does not have enough labels" mostly indicates an invalid domain name. Are you sure your domain name is correct and registered to you?
#9
Exactly Franco, that was what I missed, thanks a lot
#10
Guys, does no one have any idea? I can't believe that no one uses this feature.
#11
Hello all,

First, thanks for this amazing firewall. I'm coming from pfSense and noticed a great network performance boost, especially in bandwidth.

Now I have a small question. With acme.sh on pfSense we used to write custom commands, but here the acme.sh client has changed a lot, and that's still fine as long as it's obviously more secure.

I read already that in order to get my restart action I need to create a configd action.

So I've already done this by creating actions_acmescripts.conf under /usr/local/opnsense/service/conf/actions.d.

Then I restarted the configd service and tested my command like the following: configctl acmescripts send_pve_cert

It runs properly and all is fine. Now the simple question: how do I get this to appear in the LetsEncrypt Restart Actions on the GUI side? After adding it, nothing shows up at the frontend.


Any tip is highly appreciated, thanks for your time and for reading my issue.
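A worked example of the kind of configd action definition described in the post above, added here as an illustration; it is not DonSYS's own file and not code from the OPNsense project. The file name suffix (acmescripts) and section name (send_pve_cert) are taken from the command in the post, so that "configctl acmescripts send_pve_cert" resolves to this section; the script path, message and description are assumed placeholders.

```ini
; /usr/local/opnsense/service/conf/actions.d/actions_acmescripts.conf  (constructed example)
; configctl <file suffix> <section> : "configctl acmescripts send_pve_cert" runs the
; command in the [send_pve_cert] section of actions_acmescripts.conf.
; configd must be restarted after this file is created or changed.
[send_pve_cert]
; assumed path to your own deploy script; configd runs it as root, so keep it
; root-owned and writable only by root.
command:/usr/local/opnsense/scripts/OPNsense/AcmeClient/send_pve_cert.sh
parameters:
type:script
message:pushing renewed certificate to Proxmox VE
description:Acme: push renewed certificate to Proxmox VE
```

Because the command runs with root privileges from a configd action, the deploy script should take no untrusted input, should reference the certificate and key files by fixed paths, and should avoid embedding API credentials in the script body; the "parameters:" line is left empty here so the action cannot be called with arbitrary arguments.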