OPNsense
Messages - ftrojahn

1
23.7 Legacy Series / Re: ACME Client gives error that deploy hooks are missing
« on: November 08, 2023, 03:54:10 pm »
Quote from: longshot338 on November 01, 2023, 04:03:41 pm
Thanks for the info, cookiemonster, but how do we get acme.sh to look there for the file(s)?  I tried using the full path in my command line use of acme.sh, but that didn't work either.  I would really like to set-up everything in the GUI, and allow the triggers to execute things without me having to manually intervene.

I have a similar problem: acme with dns and dns-alias seems not to work in Proxmox itself, but in OPNsense.
So I tried to deploy from OPNsense to Proxmox, too, and found this thread.

What I have found:
  • we need to copy the deploy dir from examples to the acme-client home:
Code:
cp -a /usr/local/share/examples/acme.sh/deploy /var/etc/acme-client/home/

  • since my PVE node has a self signed cert, the automation fails with:
Code:
=> Send SSL data, 5 bytes (0x5)
0000: .....
== Info: TLSv1.3 (OUT), TLS alert, unknown CA (560):
=> Send SSL data, 2 bytes (0x2)
0000: .0
== Info: SSL certificate problem: unable to get local issuer certificate
== Info: Closing connection

which means: curl must not check the certificate of the node. To achieve this, I found no other way
than to edit acme.sh and add:

Code:
HTTPS_INSECURE=1

Now, when starting the automation - the GUI says successful. But ... cert wasn't imported, in the pveproxy/access.log
I only see:
"POST /api2/json/nodes/proxhost/certificates/custom HTTP/1.1" 401 -

My api token has the sys.modify right ... but maybe this is not sufficient. Tried with both pveversion 7.4 and 8.0.4

Did anyone get this to work?
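
An added example (not part of the post, and not code from acme.sh or OPNsense): a way to test the token against the PVE API while curl still verifies the node, by trusting only a CA file copied from that node instead of setting HTTPS_INSECURE=1, and to tell a 401 (token rejected) from a 403 (privilege missing). PVE_CA_FILE, PVE_TOKEN, the default path and the script name are assumptions.

```shell
#!/bin/sh
# Added example: probe a Proxmox VE API token with certificate checking left on.
# PVE_CA_FILE, PVE_TOKEN and the default path are assumptions, not page values.
PVE_CA_FILE="${PVE_CA_FILE:-/root/pve-ca.pem}"   # CA/self-signed cert copied from the node

# Accept only the USER@REALM!TOKENID=SECRET shape of a PVE API token.
valid_token() {
    case "$1" in
        *[[:space:]]*) return 1 ;;
        ?*@?*!?*=?*)   return 0 ;;
        *)             return 1 ;;
    esac
}

# Map the HTTP status of an API call to the likely cause.
explain_status() {
    case "$1" in
        200) echo "ok" ;;
        401) echo "auth" ;;            # token string or secret not accepted
        403) echo "permission" ;;      # token accepted, privilege missing on the path
        000) echo "tls-or-network" ;;  # curl got no HTTP response at all
        *)   echo "other" ;;
    esac
}

# GET https://HOST:8006/api2/json/PATH and print only the status code.
# The token goes to curl on stdin, so it never shows up in the process list.
pve_status() {  # args: host path
    printf 'header = "Authorization: PVEAPIToken=%s"\n' "$PVE_TOKEN" |
        curl --config - --silent --output /dev/null --write-out '%{http_code}' \
             --cacert "$PVE_CA_FILE" "https://$1:8006/api2/json/$2"
}

probe() {  # args: host
    valid_token "${PVE_TOKEN:-}" || { echo "PVE_TOKEN is not USER@REALM!TOKENID=SECRET" >&2; return 2; }
    [ -r "$PVE_CA_FILE" ] || { echo "cannot read $PVE_CA_FILE" >&2; return 2; }
    for path in version access/permissions; do
        code=$(pve_status "$1" "$path") || true
        echo "GET $path -> $code ($(explain_status "$code"))"
    done
}

# Usage: PVE_TOKEN='user@realm!id=secret' sh pve-probe.sh proxhost
if [ "$#" -eq 1 ]; then probe "$1"; fi
```

The host name passed to the script has to match a name in the node's certificate, otherwise curl reports a TLS failure (status 000) even with the right CA file.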

2
19.7 Legacy Series / Re: OPNsense will only boot once with config
« on: February 10, 2020, 10:51:13 am »
We had the same problem last week. Tried to install 20.1, then 19.7 by importing from usb-stick:conf/config.xml.

Same here - all was working flawlessly, but then it failed every time after first reboot, see attachment. On every try it stuck after "pfsync.ko". Using 19.7 it was somewhere later ... but same blue "Booting..." line, then nothing.

Then, we tried the install without import, configuring only lan/wan interfaces, internal IP and DHCP-Server.
We imported the same config.xml after installation via GUI - no problems with reboot after that.

For now, we stick with 19.7 as we had no time to do further tests.

3
18.7 Legacy Series / Re: Import and Update own public certificate scheduled from shell
« on: June 18, 2019, 02:58:55 pm »
Just try this, works for me on recent OPNsense 19.1.9:

https://github.com/pluspol-interactive/opnsense-import-certificate
